INTRODUCTION

As knowledge management (KM) and information technology (IT) have developed and
grown, they have evolved numerous technical terms and phrases that those not intimately
involved in these disciplines may find difficult to understand. These terms are useful in efficiently
communicating among professionals, but they can be difficult to absorb in a rapid manner, and it
can be difficult to obtain consistent definitions. There is a spectrum of tools to address different
aspects of the jargon development phenomenon. At the low end of the range are lists that define
each letter of an acronym but do not usually provide much else; they are essentially data-level
tools. Many glossaries provide short definitions of terms and phrases; they are essentially
information-level tools. Unless one has an idea or context already, it is difficult to truly
understand when only provided with information. This encyclopedia addresses a void in the
present spectrum. It is an attempt to create and distribute a knowledge-level tool, although it is
not as voluminous as a full-boat encyclopedia (which would be impossible to adequately
distribute). This encyclopedia was constructed using a number of different sources. Much of it,
however, is tacit knowledge taken from my experience on-the-job at the Program Executive Office
for Information Technology (PEO-IT), the Department of the Navy (DON) Chief Information
Office (CIO), and from courses taken at the Information Resources Management College (IRMC)
to achieve certifications (CIO and National Security Telecommunications and Information
Systems Security Instruction [NSTISSI] 4011).

This document is not all-inclusive, but it provides a first step at capturing and elucidating
many commonly used KM and IT terms and phrases. Descriptions are limited to KM and IT word
usage though some words have other meanings (not addressed here) as well. A Web version is
hosted on the Defense Acquisition University (DAU) and PEO-IT Web sites at
http://www.dau.mil/pubs/pubs-[illegible] and [URL illegible] and included in
future versions of the DON Knowledge Centric Organization (KCO) Toolkit CD. The online
version will be maintained and periodically updated. Please help keep the online version current
by submitting additional terms and comments via the Web site. For more information, feedback,
or to submit changes, please contact me at 703-601-3061, 703-946-2731, or
pollockn@spawar.navy.mil.

I have added a considerable number of quotations from various sources to enhance the
encyclopedia. They are an attempt to extend the knowledge inherent in this document into the
longer scope of human knowledge and into the realm of wisdom. I anticipate that some readers
will find them of particular value and interest while others will find them perplexing or even
annoying. I have differentiated them from the text via differing font size and placement at the end
of each entry. However, similar to Zen Buddhist koans, the quotations that may appear the least
relevant may be the very ones to shed light where it is needed most (though I had to stretch a bit
to find a quote for a few of the entries). I hope you find them enjoyable as well as enlightening. As
Samuel Johnson (1709-1784) stated: "Every quotation contributes something to the stability or
enlargement of the language" (from The Oxford Dictionary of Quotations, Oxford University Press,
New York, 1980, p. 281, No. 7) and Pettibone Poole said, "He who laughs, lasts" (from A Glass Eye
at the Keyhole, 1938 as quoted by Robert Byrne in The 637 Best Things Anybody Ever Said, Atheneum,
NY, 1982, #72).

USES 

This encyclopedia can, of course, be used as a reference document (similar to the Encyclopedia
Britannica or Americana) for KM and IT terms and phrases. It can also be used as a training aid for
KM and IT courses. In addition, it can be used as an INDOC (indoctrination) tool for new
employees. Such usage can provide the person new to IT or KM with basic knowledge from
which to build and can elicit informed questions to expand the person's personal knowledge base
by eliciting implicit or tacit knowledge from more experienced employees. In addition, PEO-IT
intends to employ the encyclopedia as part of its Enterprise Solutions outreach program.

NAVIGATION 

An alphabetic banner at the start of the document provides hyperlinks to the letters of the
alphabet within the document as well as to the acronym list. Depending upon your software, you
may have to hit the "control" key while clicking the left mouse button to reach the desired
location. The letters and acronym list may also be directly accessed through "Insert" on the tool
bar, followed by "Bookmark," selecting the element desired, and then "Go to."

The acronym list is attached at the beginning of the document. It includes references to where
acronyms are used within the encyclopedia and can, therefore, be used as an abbreviated index.
Searches in Microsoft Word can also be made. These can be facilitated (if searching for entries) by
selecting "advanced search," "font," and "bold" since the entry headers are all in bold. Thus, only
the entry headers (which are repeated in the acronym list) will be found via this search.

DISCLAIMER 

Opinions, conclusions, and recommendations expressed or implied within are solely
those of the authors. They do not necessarily represent the views of the Department of the
Navy or any other U.S. government agency. Cleared for public release; distribution
unlimited (from Information Age Anthology: Part Four, International Affairs, David Alberts
and Daniel Papp, Eds., National Defense University (NDU) Press, Washington, DC, 1987,
p. iv).
Acronyms

Note: encyclopedia entries (headers) are in bold

ABC         Activity-Based Costing
ACAT        Acquisition CATegory — see CBR, CCA, DAE, PM, and 8121
ACWP        Actual Cost of Work Performed — see EVM
ADA         Americans with Disabilities Act — see Section 508
ADP         Automated Data Processing — see IT
AFB         Air Force Base — see DSS
AFIT        Air Force Institute of Technology — see DSS
AFP         Approval for Full Production — see Buzzword Compliant
AHP         Analytical Hierarchy Process
AI          Artificial Intelligence
AII         Assuring the Information Infrastructure — IRMC Course
AIS         Automated Information System — see IT
AMPS        Analog Mobile Phone Service
ANOVA       ANalysis Of VAriance
ANSI        American National Standards Institute
AOL         America OnLine — see ISP, P2P, Vortal
AP          Access Point
APC         Acquisition Professional Corps — see DAWIA
API         Application Programming Interface
APMC        Advanced Program Management Course — see Decision Theory, PM, Systems Engineering
APP         Application Portability Profile — see NIST, Portability
AR          Acquisition Reform
AS          Administrative Support — see DAWPDP
ASCII       American Standard Code for Information Interchange — see Cookie
ASN (AR)    Assistant Secretary of the Navy for Acquisition Reform — see PM
ASP         Active Server Page — see Webification
ASP         Application Service Provider
ASR         Automatic Speech Recognition
ASSIST      Automated System Security Incident Support Team — see IO, PGP
ASU         Approval for Service Use — see Buzzword Compliant
ATM         Asynchronous Transfer Mode
AWT         Abstract Windowing Toolkit — see Java
B/L         BaseLine
B2B         Business to Business
B2C         Business to Customer (or Consumer)
BAC         Budgeted At Completion — see EVM
BAR         Behaviorally-Anchored Rating (Scale)
BBS         Bulletin Board System — see Intellectual Property
BCA         Bridge Certification Authority — see CA
BCA         Business Case Analysis — see ROI




BCWP        Budgeted Cost of Work Performed — see EVM
BCWS        Budgeted Cost of Work Scheduled — see EVM
BIA         Business Impact Analysis — see COOP
BOA         Basic Ordering Agreements — see GWAC
BPA         Blanket Purchasing Agreements — see GWAC, ESI
BPR         Business Process Reengineering
BRAC        Base Realignment And Closure Act
BSS         Basic Service Set
BTMP        Business and Technical Management Professionals — see DAWPDP
BUPERS      BUreau of PERSonnel — see DSS
B/W         Bandwidth
C2          Command and Control — see CCRP, C2W, DIAP
C2W         Command and Control Warfare
C3I         Command, Control, Communications, and Intelligence
C4I         Command, Control, Communications, Computers, and Intelligence
C4ISP       Command, Control, Communications, Computers, and Intelligence Support Plan — see Architecture
CA          Certification Authority
CAAP        Critical Asset Assurance Program
CAC         Common Access Card
CAD         Card Acceptance Device — see Smart Card
CAD/CAM     Computer-Aided Design/Manufacturing — see DB
CAIV        Cost As an Independent Variable
CALEA       Communications Assistance to Law Enforcement Act
CAPP        Crisis Action Planning Process — see IO
CASE        Computer-Aided Software Engineering — see DB, S/W
CBR         Case Based Reasoning
CCA         Clinger-Cohen Act
CCITT       Committee for International Telegraph and Telephone — see ITU
c-commerce  collaborative commerce
CCPA        Cable Communications Policy Act
CCRP        Command and Control Research Program (formerly: Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR) Cooperative Research Project)
CD          Compact Disk
CDA         Central Design Activity or Communications Decency Act
CDA         Component Data Administrator — see Data Administration
CDMA        Code-Division Multiple Access
CDRL        Contract Data Requirements List — see Data
CD-R        Compact Disk-Recordable — see CD, Log Files, OSD
CD-ROM      Compact Disk Read-Only Memory — see DVD, Distributed Learning, IT, OSD
CD-RW       Compact Disk-Re-Writable — see Optical Storage Device
CEO         Chief Executive Officer — see Capital Planning and Investment, CXOs, NSTAC, Performance- and Results-Based Management, Vision and Mental Model
CERIAS      Center for Education and Research in Information Assurance and Security — see Electronic Business, Hackers
CERT        Computer Emergency Response Team
cf.         See (in References)
CFAA        Computer Fraud and Abuse Act
CFHA        Computer Fraud and Hacking Act
CFO         Chief Financial Officer — see Capital Planning and Investment, FISCAM, GPRA
CFOA        Chief Financial Officers Act
CHAID       CHi square Automatic Interaction Detection — see Data Mining
CHAP        Challenge Handshake Authentication Protocol — see Authentication
CIA         Central Intelligence Agency — see PCCIP, Vulnerability
CIANA       Confidentiality, Integrity, Availability, Nonrepudiation, and Authentication
CIAO        Critical Infrastructure Assurance Officer
CICG        Critical Infrastructure Coordination Group — see PDD-63
CIM         Computer Integrated Manufacturing — see DB
CIO         Chief Information Officer
CIP         Critical Infrastructure Protection
CIPC        Critical Infrastructure Protection Council
CIRT        Computer Incident Response Team
CISA        Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR) Integration Support Activity
CISO        Chief Information Security Officer — see DB, IAM
CISSP       Certified Information Systems Security Professional — see ISC2
CIWS        Close In Weapons System — see CND
CKO         Chief Knowledge Officer
CLO         Chief Learning Officer — see CXOs
CMM         Capability Maturity Model
CMU         Carnegie-Mellon University — see CMM, Risk Assessment/Analysis, SAV, SEI
CNA         Center for Naval Analyses — see Interoperability
CNA         Computer Network Attack — see IO
CND         Computer Network Defense
COAT        Council On Accessible Technology — see Section 508
CobIT       Control objectives for Information and related Technology
COE         Common Operating Environment
CoI         Community of Interest
COMSEC      COMmunications SECurity — see DITSCAP
COO         Chief Operating Officer — see CXOs
COOP        Continuity Of Operations Plan
CoP         Community of Practice
COPPA       Children's Online Privacy Protection Act
CORBA       Common Object Request Broker Architecture
COS         Chip Operating System
COTS        Contractor Off-The-Shelf
CPI         Cost Performance Index — see EVM
CPO         Chief Planning Officer, Chief Privacy Officer, or Chief Petty Officer — see CXOs
CPS         Certificate Practice Statement — see Policy
CPU         Central Processor Unit — see SAV
CREATE      Committee on Resources for Electronic Accessible Technology to End-users — see Section 508
CRL         Certificate Revocation List
CRM         Customer Relationship Management
CSA         Computer Security Act
C/SCSC      Cost/Schedule Control Systems Criteria — see Buzzword Compliant, EVM
CSMA/CA     Carrier Sense Multiple Access/Collision Avoidance — see IEEE
CSSPAB      Computer System Security and Privacy Advisory Board — see Computer Security Act
CST         Critical information systems technologies — IRMC Course
CW          Collected Works (of Carl Gustav Jung)
CWML        Compact Wireless Markup Language — see WML
CXO         combination acronym for CEO, CIO, etc. where x is a variable
C&A         Certification and Accreditation — see DITSCAP, IASE
C&E         Cause and Effect (chain) — cf. Feedback
DA          Design Agent — see CDA
DAA         Designated Approval Authority — see DITSCAP, IAM, NSTISSI, SSAA
DAC         Discretionary Access Control
DAE         Defense Acquisition Executive
D-AMPS      Digital Advanced Mobile Phone Service — see AMPS
DARPA       Defense Advanced Research Project Agency — see CIRT, ITU, Internet, NII
DAU         Defense Acquisition University — see DAWIA, PM, Systems Engineering
DAWIA       Defense Acquisition Workforce Improvement Act
DAWPDP      Defense Acquisition Workforce Personnel Demonstration Project
DB          DataBase
DBMS        DataBase Management System
DCMC        Defense Contract Management Command — see Components, Performance- and Results-Based Management
DDDS        Defense Data Dictionary System — see Data Dictionary, Standardization
DDL         Data Definition Language — see DB
DDM         Department of Defense Data Model — see Data Administration
DDOS        Distributed Denial Of Service
DES         Data Encryption Standard
DFAS        Defense Finance and Accounting Service — see EFT
DIAP        Defense-wide Information Assurance Program
DiD         Defense in Depth
DII         Defense Information Infrastructure
DINK        Data, INformation, and Knowledge
DISA        Defense Information Systems Agency
DISN        Defense Information Systems Network — see DISA
DITSCAP     Defense Information Technology Security Certification and Accreditation Process
DLA         Defense Logistics Agency — see components, DSS
DLR         Disk Operating System Local Area Network requestor — see Protocol
DM          Data Management
DMCA        Digital Millennium Copyright Act
DMIR        Data Management and Interoperability Repository — see DM, Data Repository, Metadata Repository
DML         Data Manipulation Language — see DB
DMS         Data Management Strategies and Technologies — IRMC Course
DMZ         DeMilitarized Zone
DNS         Domain Name Server
DoA         Department of the Army — see Departments
DoAF        Department of the Air Force — see Departments
DoC         Department of Commerce — see PCCIP
DoD         Department of Defense — see Architecture Framework, Architectures and Infrastructures, A-11, A-76, BRAC, Buzzword Compliant, Capital Planning and Investment, CIO, CCA, C*!, CAC, COE, Components, CIRT, Core Functions, CAIV, CAAP, CIAO, CIP, CIPC, cyberlaw, Cybrarian, CISA, Data Administration, Data Dictionary, Data Element, DM, DAE, Defense, Departments, DoDD, EVM, eB, eC, EDI, EFT, Enterprise, FASA, GIG, Information, IASE, Information Infrastructure, IM, IRM, IRMC, INFOSEC, ITA, IDEF1X, IPT, Interface, ISO, Internet, JTA, NII, OA, Performance- and Results-Based Management, PPBS, PCCIP, Privacy Act, Process Improvement, PM, PKI, Quality, Seat Management, SBU, Services, SCSCG, S/W, SEI, Spectrum Management, Standardization, TA, TCO, X.509, 8121
DoDD        Department of Defense Directive — see C^I, CAAP, DAE, DISA, DITSCAP, DIAP, eB, IM, IO, IRM, INFOSEC, NSTISSI, policy
DoE         Department of Education — see PCCIP
DoE         Department of Energy — see CIRT, PCCIP
DoJ         Department of Justice — see PCCIP
DOLAP       Desktop OnLine Analytical Processing — see OLAP
DoN         Department of the Navy — see INTRODUCTION, ACKNOWLEDGMENTS, Benchmarking, Capital Planning, Change Management, CCA, CoP, CoP CD, CIAO, CIP, Departments, e-Gov, Hyperlink, IL, KCO CD, KM, LO, NMCI, NCW, Organizational Learning, PM, Reverse Auction, Search Engine, Seat Management, Section 508, S/W, Systems Thinking, Tacit Knowledge, Taxonomy


DoS         Department of State — see Information Assurance Red Team, SPO
DOS         Disk Operating System — see COS, OS, Protocol, System Software
DoS         Denial of Service
DoT         Department of Transportation — see PCCIP
DoT         Department of the Treasury — see PCCIP
DRI         Defense Reform Initiative
DSA         Digital Signature Algorithm — see Public Key Cryptosystems
DS-CDMA     another name for Direct Sequence Spread Spectrum (DSSS)
DSL         Digital Subscriber Line
DSMC        Defense Systems Management College — see acquisition, DAWIA, PM, Systems Engineering
DSS         Decision Support Systems
DSSS        Direct Sequence Spread Spectrum
DVD         Digital Versatile Disk
DWDM        Dense Wavelength Division Multiplexing
EA          Economic Analysis — see 8121
EAC         Estimate At Completion — see EVM
EAI         Enterprise Application Integration
eB          electronic Business
eBusiness   electronic Business
eC          electronic Commerce
e-checks    electronic checks
eCommerce   electronic Commerce
ECPA        Electronic Communications Privacy Act
EDGE        Enhanced Data Global System for Mobile Communications Environment
EDI         Electronic Data Interchange
EEA         Economic Espionage Act
e-FOIA      electronic Freedom Of Information Act
EFT         Electronic Funds Transfer or Electronic Financial Transaction
e-Gov       electronic Government
EIS         Executive Information System
e-learning  electronic learning — cf. Distributed Learning
e-mail      electronic mail

EMS         Electronic Meeting System — see DSS
E/MSS       Employee/Member Self Service — see EFT
EO          Executive Order — see CCA, CIP, NSTAC, Strategic Planning
EPA         Environmental Protection Agency — see NIC
ERP         Enterprise Resource Planning
ES          Enterprise Solutions
ESA         Enterprise Software Agreement — see ESI
ESI         Enterprise Software Initiative
e-sign      electronic signature
ESP         External Services Provider
ESS         [developing] Enterprise Security Strategies, Guidelines, And Policies — IRMC Course
ESS         Extended Service Set — See IBSS and BSS.
ESTJ        Extroverted, Sensate, Thinking, Judgmental — see Model
ETA         Education, Training and Awareness — see DITSCAP, IASE
ETC         Estimate To Complete — see EVM
EU          European Union
EVM         Earned Value Management
EW          Electronic Warfare — see C2W, IW
EWSP        Entity-Wide Security Program
FAA         Federal Aviation Administration — see A-76, DSS
FAIR        Federal Activities Inventory Reform Act
FAQs        Frequently Asked Questions
FAR         Federal Acquisition Regulations — see FSS, Section 508
FARA        Federal Acquisition Reform Act
FARC        Federal Acquisition Regulatory Council — see Acquisition
FASA        Federal Acquisition Streamlining Act
FBI         Federal Bureau of Investigation — see CIRT, Cyberlaw, PCCIP
FCC         Federal Communications Commission — cf. Frequency, IEEE, Policy, Section 508
FDA         Functional Data Administrator — see Data Administration
FDM         Frequency-Division Multiplexing
FDMA        Frequency Division Multiple Access — see AMPS
FEIT        Functional Evaluation and Integration Team — see DIAP
FEMA        Federal Emergency Management Agency — cf. COOP, CIP, Disaster Recovery, PCCIP
ff          footnote (in a reference) — see Regression Analysis
FFRDC       Federally Funded Research and Development Center
FGCA        Freedom from Government Competition Act
FHSS        Frequency Hopping Spread Spectrum
FII         Federal Information Infrastructure — see DII
FIPS        Federal Information Processing Standard — see A-130, Data, DES, IDEF1X
FISA        Foreign Intelligence Surveillance Act
FISCAM      Federal Information Technology Security Assessment Manual
FMFIA       Federal Managers Financial Integrity Act
FOIA        Freedom Of Information Act
FORMIS      Framework and Open Reference Model for Information Security — see INFOSEC
FOUO        For Official Use Only — see CIO, CAAP, CIP, DIAP, SBU
four A's    Adaptability, Accountability, Alignment and Awareness
FPC         Federal Preparedness Circular — see COOP, CIP
FSS         Federal Supply Schedules
FTE         Full Time Equivalents — see DRI
FTP         File Transfer Protocol — see Cache Server, PGP, Trojan Horse, URL
FV          First Virtual
F/W         Firmware — see SAV




GA          Genetic Algorithms
GAA         Generally Applicable and Accepted
GAAP        Generally Accepted Accounting Principles — see GAA
GAO         General Accounting Office — see Audit, Balanced Scorecard, CERT, CIRT, Core Functions, CIP, EVM, FISCAM, GPRA, Information Assurance Red Team, INFOSEC, Penetration Test, Performance- and Results-Based Management, Portfolio Management, Privacy, PKI, SPO, Strategic Planning
Gbps        Gigabits per second; one billion or 10^9 bits/second
GCCS        Global Command and Control System — see COE
GCSS        Global Combat Support System — see COE
GIG         Global Information Grid
GII         Global Information Infrastructure
GIS         Geographic Information System
GISRA       Government Information Security Reform Act
GITS        Government Information Technology Services Board — see CCA
GMRA        Government Management and Reform Act
GNIE        Global Networked Information Enterprise — see GIG
GOSC        Global Operations and Security Center — see IO
GPEA        Government Paperwork Elimination Act
GPO         Government Printing Office — see XML
GPRA        Government Performance and Results Act
GPRS        General Packet Radio Service
GS          General Semantics — see Semantic Analysis
GS          General Schedule — see DAWPDP
GSA         General Services Administration — see Balanced Scorecard, Capital Planning and Investment, FSS, GWAC, Performance- and Results-Based Management, PDD-63, Seat Management, Section 508
GSM         Global System for Mobile Communications
GST         General Systems Theory
GUI         Graphical User Interface
GWAC        Government Wide Acquisition Contract
HCI         Human Computer Interface
HBR         Harvard Business Review — cf. Assumptions, Balanced Scorecard, Change Management, DSS, IM, IPT, Leadership, LO, Performance- and Results-Based Management, Reengineering, Simulation, Vision and Mental Model
HIPAA       Health Insurance Portability and Accountability Act
HLL         High-Level Languages — cf. Mainframe Computer
HMD         Head Mounted Devices — cf. VR
HOL         High Order Languages — cf. Mainframe Computer
HONE        Hands On Network Environment — cf. Information Map
HPS         High Performing System — cf. Flow, Organizational Learning
HSM         Hierarchical Storage Management
HTML        HyperText Markup Language
HTTP        HyperText Transfer Protocol
IA          Information Assurance
IA          Intelligent Agent
IAG         International Agreements Generator — cf. CBR
IAM         Information Security or Information System Security Assessment Methodology
IASE        Information Assurance Support Environment
IAVA        Information Assurance Vulnerability Alerts — cf. DIAP, IO
IBSS        Independent Basic Service Set
I-CASE      Integrated Computer Aided Software Engineering — cf. SAV
ICE         Independent Cost Analysis — cf. TCO
ICSA        International Computer Security Association — cf. viruses
IDE         Integrated Digital Environment
IDEF1X      Integrated DEFinition for information modeling
IDL         Interface Definition Language — cf. CORBA, Java
IDS         Interface Design Specification — cf. Interface
IDS         Intrusion Detection System
IEEE        Institute of Electrical and Electronics Engineers
IERs        Information Exchange Requirements
IETF        Internet Engineering Task Force — see X.509
IFC         Internet Foundation Classes — cf. Java
IG          Inspector General — cf. GISRA
IIPT        Integrating Integrated Product (or Process) Team — cf. IPT
IITF        Information Infrastructure Task Force — cf. Information Infrastructure
IKM         Institute for Knowledge Management
IL          Information Literacy
IM          Information Management
IMPAC       International Merchant Purchasing Authorization card — cf. FASA
INFOSEC     INFOrmation SECurity or INFOrmation system SECurity
IO          Information Operations
IP          Intellectual Property
IP          Internet Protocol
IPPD        Integrated Product and Process Development — cf. DSS
IPT         Integrated Product (or Process) Team
IQ          Intelligence Quotient — cf. Information Infrastructure, Time Horizon
IRM         Information Resources Management
IRM303      Advanced Information System Acquisition — IRMC Course
IRMC        Information Resources Management College
IRS         Internal Revenue Service — cf. Data Warehouse, DSS, Expert System, GPEA
IRT         Internet Relay Chat
IS          Information Superiority or Information Security or Information System
ISAC        Information Security Analysis Center
ISACA       Information Systems Audit and Control Association — cf. CobIT
ISACF       Information Systems Audit and Control Foundation — cf. CobIT
ISC2        International Information Systems Security Certification Consortium
ISDN        Integrated Services Digital Network
ISM         Industry, Science, And Medicine — cf. Frequency, Home RF, IEEE
ISO         International Standards Organization
ISP         Internet Service Provider
ISSA        Inter-Service Support Agreements — cf. A-76
ISSM        Information System Security Manager — cf. IASE, IAM
ISSO        Information System Security Officer — cf. IASE, IAM, NSTISSI
ISSP        Information System Security Program — cf. NII
IT          Information Technology
ITA         Information Technology Architecture
ITIM        Information Technology Investment Management — cf. Portfolio Management
ITMRA       Information Technology Management Reform Act — cf. Acquisition, Capital Planning and Investment, CCA, DM, FARA, Policy
ITRB        Information Technology Requirements Board — cf. CCA
ITSEC       Information Technology SECurity — see DITSCAP, IASE
ITU         International Telecommunications Union
IT-21       Information Technology for the 21st Century — cf. Gateway, NMCI
IW          Information Warfare
JFC         Java Foundation Classic — cf. Java
JFCOM       Joint Forces COMmand — cf. DSS
JOPES       Joint Operations Planning and Execution System — cf. IO
JSCOPE      Joint Services Conference On Professional Ethics — cf. FMFIA
JTA         Joint Technical Architecture
JVM         Java Virtual Machine — cf. Java
JV2020      Joint Vision 2020 — cf. Decision Superiority, DiD, IO, Information Superiority, KS
KB          Knowledge Base
KCL         Knowledge Community Leader
KCO         Knowledge-Centric Organization
KCO CD      Knowledge-Centric Organization Compact Disk (toolkit)
KD          Knowledge Density
KID         Knowledge, Information, and/or Data
KM          Knowledge Management
KMCP        Knowledge Management Community of Practice — cf. CoP
KMI         Key Management Infrastructure
KPA         Key Process Area — cf. Acquisition, CMM, S/W
KR          contractor — cf. Penetration Test
KS          Knowledge Superiority
LAN         Local Area Network
LCC         Life-Cycle Cost — cf. PMLCCE, TCO
LCDR        Lieutenant CommanDeR — cf. Micro Purchases
LCL         Lower Control Limits — cf. Change Management
LDAP        Light-Weight Directory Access Protocol
LDC         Leadership for the 21st Century — IRMC Course
LMDS        Local Multipoint Distribution Service
LO          Learning Organization
LoA         Level of Abstraction
LOC         Lines Of Code — cf. IT, software quality
LoD         Level of Detail — cf. LoA
LRA         Local Registration Authority
LSB         Least Significant Bit — cf. steganography
L2TP        Layer two Tunneling Protocol — cf. VPN
MAGIC       Merced Automated Global Information Collector — cf. Expert System
MAIS        Major Automated Information System — cf. DAE, IRM, 8121
MAN         Metropolitan Area Network
MBTI        Myers-Briggs Type Indicator — cf. CRM, Item Analysis, Model, NLS
MDA         Milestone Decision Authority — cf. DAE
MDAP        Major Defense Acquisition Program — cf. DAE
MEO         Most Efficient Organization — cf. A-76, DRI
MIDS        Multifunctional Information Distribution System — cf. CBR, Common, IERs
MILDEP      MILitary DEPartment — cf. AR, Agency, CIO, Enterprise, 8121
MIME        Multipurpose Internet Mail Extension
MISSI       Multilevel Information System Security Initiative — cf. MLS
MLDT        Mean Logistics Delay Time — cf. Availability
MLS         MultiLevel Security
MMDS        Multipoint Multichannel Distribution Service
MO          Magneto-Optical — cf. OSD
MOLAP       Multidimensional OnLine Analytical Processing — cf. OLAP
MOP         Measuring results of Organizational Performance — IRMC Course
MOTS        Modified Off-The-Shelf — see COTS
MP3         MPEG-1 (Motion Picture Expert Group) Audio Layer-3
MSB         Most Significant Bit — cf. Steganography
MTBF        Mean Time Between Failures — cf. Availability, Burn-In, SPOF
MUDs        Multi-User Dungeon, Multi-User Dimension, Multi-User Dialogue
NADC        Naval Air Development Center — cf. Cryptology, Java
NASA        National Aeronautics and Space Administration — cf. Seat Management, VTC
NATO        North Atlantic Treaty Organization — cf. CBR, Common, DSS, IERs, interoperability
NAVAIR      NAVal AIR systems command — cf. BRAC, CAIV, Knowledge Elicitation,
NAVFAC      NAVal FACilities engineering command — cf. CoI, Domain, Knowledge
NAVSEA      NAVal SEA systems command — cf. Acronym, ANOVA, CDA, Change Management, eB, Interoperability, PM
NCW         Network Centric Warfare
NDI         Non Developmental Item — cf. COTS, DITSCAP
NDU  National Defense University — cf. ASR, CIO, Cybrarian, DSS, DAWIA, IRMC, IW, Performance- and Results-Based Management, Standardization, VR
NETMA  Nobody Ever Tells Me Anything — cf. Net Casting
NF  iNtuitive Feeler — cf. NLS, Strategic Thinking
NIAC  National Infrastructure Assurance Council — cf. PDD-63
NIACAP  National Information Assurance Certification and Accreditation Process — cf. DITSCAP
NIC  Networked Improvement Communities
NII  National Information Infrastructure
NIIPA  National Information Infrastructure Protection Act
NIPC  National Infrastructure Protection Center — cf. National Infrastructure
NIST  National Institute Of Standards and Technology
NLP  Natural Language Processing
NLS  NonLinear Systems
NMCI  Navy/Marine Corps Intranet
NNs  Neural Networks
NOR  Net Operating Results — cf. Balanced Scorecard
NPR  National Performance Review
NPT  Newport (Rhode Island) — cf. Balanced Scorecard
NSA  National Security Agency — cf. CSA, DSS, IAM, MLS, NII, NIST, TCSEC
NSD  National Security Directive — cf. CSA
NS/EP  National Security and Emergency Preparedness — cf. NSTAC
NSIE  National Security Information Exchange — cf. NSTAC
NSIPS  Navy Standard Integrated Personnel System — cf. ERP Webify
NSPOM  National Industrial Security Program Operating Manual — cf. Orange Book
NSS  National Security System
NSS  National Security Strategy — cf. KS
NSTAC  National Security Telecommunications Advisory Committee
NSTISSI  National Security Telecommunications and Information Systems Security Instruction
NUWC  Naval Undersea Warfare Center — cf. Balanced Scorecard
NWC  New World of the Chief Information Officer — IRMC Course
OA  Operational Architecture
OCS  Overall Contribution Score — cf. DAWPDP
ODBC  Open DataBase Connectivity — cf. API
OEBF  Open Electronic Book Forum — see NIC
OIO  Offensive Information Operations — cf. API, IO
OIPT  Overarching Integrated Product (or Process) Team — cf. IPT
OIRA  Office of Information and Regulatory Affairs — cf. PRA
OLAP  OnLine Analytical Processing
OLE DB  Object Linking and Embedding DataBase — cf. API
OLTP  OnLine Transaction Processing
OMB  Office of Management and Budget
OMG  Object Management Group — cf. CORBA
OODB  Object Oriented DataBase — cf. DB
OOP  Object-Oriented Programming
OPEVAL  operational EVALuation — cf. Beta Testing
OPSEC  operations SECurity
OPTEVFOR  operational Test and Evaluation FORce — cf. Beta Testing
ORDB  Object Relational DataBase — cf. DB
ORB  Object Request Broker — cf. CORBA
ORD  Operational Requirements Document — cf. Program
OS  Operating System
OSD  Optical Storage Device
P2P  Peer-to-Peer
PACFLT  PACific FLeeT — cf. Virtual Collaboration
PCCIP  President's Commission on Critical Infrastructure .
PC  Personal Computer — cf. Digicash, Encryption, Firewall, PCAT, SET, Thick (or Fat) and Thin Clients, War Driving
PC  Politically Correct — cf. Buzzword Compliant, Process Improvement
PCAT  Personal Computer Access Tool — cf. Data Dictionary
PCO  Principal (or Procuring) Contracting Officer — cf. FASA
PCS  Personal Communications Services — cf. AMPS
PDA  Personal Digital Assistant
PDD  Presidential Decision Directive
PDF  Portable Document Format
PDIT  Program Development and Integration Team — cf. DIAP
PDRR  Protect-Detect-Restore-Respond — cf. IO
PERL  Practical Extraction and Report Language — cf. Webification Methods
PGP  Pretty Good Privacy
PIN  Personal Identification Number
PKI  Public Key Infrastructure
PKIX  Public Key Infrastructure (X.509) — see X.509
P. L.  Public Law — cf. Anti-Terrorism Act, CFOA, CCA, CSA, EEA, ECPA, FAIR, FMFIA, FISA, GPRA, NII, NIIPA, NIST, PRA, Privacy Act, Telecommunications Act
PM  Program Management
PMCOP  Program Management Community of Practice — cf. PM
PMLCCE  Program Manager's Life-Cycle Cost Estimate — cf. TCO
PMO  Program Management Office — cf. IASE, PM, PKI, TCO, X.509
POM  Program Objectives Memorandum — cf. Program
PPBS  Planning, Programming, and Budgeting System
PPI  Past Performance Information — cf. FASA
PPT  People, Processes, and Tools — cf. DII
PPTP  Point-to-Point Tunneling Protocol — cf. VPN
PRA  Paperwork Reduction Act
PRNG  Pseudo Random Number Generator — cf. WEP
PSYOP  psychological Operations — cf. CW
PV  Present Value
QDR  Quadrennial Defense Review — cf. KS
Q. E. D.  Quod Erat Demonstrandum — cf. Output Measure(s)
RA  Registration Authority
RAID  Redundant Array of Independent Disks
RAM  Random Access Memory
RBA  Revolution in Business Affairs — cf. Process Improvement
RBE  Rice Bowl Engineering — cf. Process Improvement
RDB  Relational DataBase — cf. DB
RDS  Reference Data Sets — cf. ShaDE
RF  Radio Frequency — cf. Blue Tooth, DSSS, FHSS, Home RF
RFP  Request For Proposal — cf. FSS
RMI  Remote Method Invocation — cf. Java
ROI  Return On Investment
ROLAP  Relational OnLine Analytical Processing — cf. Data Mart, OLAP
ROM  Read-Only Memory
RPD  Recognition-Primed Decision
RSA  Rivest, Shamir, and Adleman — cf. PGP, public key cryptosystems, WEP
RSI  Rationalization, Standardization, and Interoperability — cf. Common
RUP  Rational Unified Process
SA  Systems Architecture
SABI  Secret And Below Interoperability — see IASE
SAM301  Advanced Software Acquisition Management — IRMC Course
SANS  System Administration, Networking and Security
SBU  Sensitive But Unclassified
SCADA  Supervisory Control And Data Acquisition
S/C/E  Select/Control/Evaluate — cf. Portfolio Management
SCE  Supply Chain Execution — cf. SRM
SCP  Supply Chain Planning — cf. SRM
SCSCG  Smart Card Senior Coordinating Group
SCSI  Small Computer Systems Interface
SEC  Managing Networked Security in a Networked Environment — IRMC Course
SECDEF  Secretary of Defense — cf. Benchmarking, CIO, DRI, DIAP, FISA, NII
SEE  Significant Emotional Experience — cf. SRM
SEI  Software Engineering Institute
SEP  Systems Engineering Procedures — cf. Systems Engineering
SET  Secure Electronic Transaction or Transfer
SE&I  Systems Engineering and Integration — cf. Interoperability
SGML  Standard Generalized Markup Language
ShaDE  Shared Data Engineering
SIDR  Secure Intelligence Data Repository — cf. Data Dictionary
SIG  Special Interest Group — cf. Data Dictionary, Blue Tooth
SJ  Sensate Judgmental — cf. Strategic Thinking
SLA  Service Level Agreement
SME  Subject Matter Expert — cf. Best Practices, Face Validity, Mavens
S/MIME  Secure/Multipurpose Internet Mail Extensions — see MIME
SMG  Secure Network Server Mail Guard — cf. MLS
SNA  Social Network Analysis
SNS  Secure Network Server — cf. MLS
SOAP  Simple Object Access Protocol
SOE  Standard Operating Environment
SOP  Standard Operating Procedure — cf. IAM
SPAWAR  SPAce and naval WARfare systems command — cf. BRAC, Best Practices, Brain Drain, Portal, PM, SAV, Quality, SSC-CH, SYSCOM, Systems Engineering
SPI  Schedule Performance Index — cf. EVM, PKEnable
SPMN  Software Program Managers' Network — cf. SAV, Quality
SPO  Senior Privacy Officer
SPOF  Single Point Of Failure
SQL  Structured Query Language
SRM  Supplier Relationship Management
SSA  System Security Administrator — cf. Systems Management
SSAA  System Security Authorization Agreement
SSAC  Source Selection Advisory Council — cf. Central Tendency
SSC-CH  SPAWAR Systems Center CHarleston — cf. Knowledge repositories, tacit knowledge
SSEB  Source Selection Evaluation Board — cf. Central Tendency
SSL  Secure Sockets Layer
SSO  System Support Office
SSP  System Security Plan — cf. IAM
STRG  Software Technology Reference Guide — cf. SEI
ST&E  Security Test and Evaluation — see DITSCAP, IASE
S/W  Software
SWAP  Shared Wireless Access Protocol — cf. Home RF
SYSCOM  systems COMmand (e.g., NAVAIR, NAVSEA, SPAWAR) — cf. Acronym
S&T  Science and Technology — cf. Balanced Scorecard, Cybrarian
TA  Technical Architecture
TADIL  TActical Digital Information Link — cf. IERs
TAFIM  Technical Architecture Framework for Information Management — cf. COE, JTA, TA
TCL  Tool Command Language — cf. Webification
TCO  Total Cost of Ownership
TCP  Transmission Control Protocol
TCSEC  Trusted Computing System Evaluation Criteria
TDA  Technical Development Activity — cf. CDA
TDL  Technical Discipline Leader — cf. Domain, Knowledge Network
TDL  Tactical Data Link — cf. IERs
TDMA  Time Division Multiple Access — cf. AMPS, CDMA, EDGE, GSM
TEAS  Trademark Electronic Application System — cf. e-Gov
TECHEVAL  TECHnical EVALuation — cf. Beta Testing
TFW  Task Force Web — cf. Application
TMS  Technical Management Support — cf. DAWPDP
TNT  Tacit kNowledge Transfer
TOC  Total Ownership Cost — see TCO, ESI
TQL  Total Quality Leadership — cf. Feedback, Process Improvement, TQM
TQM  Total Quality Management — cf. AR, Change Management, Process Improvement, TQL
TTP  Trusted Third Party — cf. CA, PKI
T&E  Test and Evaluation — cf. DITSCAP, IASE
UCITA  Uniform Computer Information Transactions Act
UCL  Upper Control Limit — cf. change management
UML  Unified Modeling Language
UPS  Uninterruptible Power Supply
USA  United States Army — cf. Components, Services
USAF  United States Air Force — cf. Components, Information Superiority, Services, SAV, Systems Engineering, VR
USCG  United States Coast Guard — cf. Services
USG  United States Government — cf. CFHA, Departments, Services
USN  United States Navy — cf. Components, Services
USPS  United States Postal Service — cf. DSS
URL  Uniform Resource Locator


VAN  Value-Added Network


VANs  Voice  Application  Networks 

VONAPP  Veterans  ON  line  Applications— cf.  GPEA 

VPN  Virtual  Private  Network 

VPPA  Video  Privacy  Protection  Act 

VR  Virtual  Reality 

VTC  Video  Teleconferencing 

VVD  Voice,  Video,  and  Data 

WAN  Wide  Area  Network 


WAP  Wireless Application Protocol
WC  Wearable Computer
WDM  Wavelength Division Multiplexing — cf. DWDM, Multiplexing
WEP  Wireless Equivalent Privacy
WIPT  Working Integrated Product (or Process) Team — cf. IPT
WMD  Weapons of Mass Destruction — cf. Cyberlaw
WML  Wireless Markup Language
WOM  Write Only Memory — cf. CD
WSCID  Weapon Systems Control Interface Drawings — cf. Interface
WTLS  Wireless Transport Layer Security
WWW  World Wide Web

XML  extensible  Markup  Language 

YGIAGAM  Your  Guess  Is  As  Good  As  Mine— cf.  Key  Pair 

1G  first Generation

3PL  third  Party  Logistics — cf.  SRM 

4  A's  four  A's  (Adaptability,  Accountability,  Alignment  And  Awareness) 

508  see  Section  508 
A


Accessible  Population 

The total number of cases for which it is conceivable to collect data (IRMC Measuring
Results of Organizational Performance Course).

To the Sufi, perhaps the greatest absurdity in life is the way in which people strive for
things — such as knowledge — without the basic equipment for acquiring them. They have
assumed that all they need is "two eyes and a mouth," as Nasrudin says. In Sufism, a
person cannot learn until he is in a state in which he can perceive what he is learning, and
what it means ... This is why Sufis do not speak about profound things to people who are
not prepared to cultivate the power of learning — something which can only be taught by a
teacher to someone who is sufficiently enlightened to say: "Teach me how to learn." There is
a Sufi saying: "Ignorance is pride, and pride is ignorance. The man who says 'I don't have to
be taught how to learn' is proud and ignorant." (Idries Shah, "First Things First," The
Exploits of the Incomparable Mulla Nasrudin, Octagon Press, London, 1983, p. 29.)

Access  Point  (AP)— see  Basic  Service  Set,  Extended  Service  Set 

A device used in wireless local area networks (LANs) that provides the wireless
connection between workstations and the LAN distribution system. APs use shared-key
(symmetrical) encryption and challenge-response authentication for user logon.
Unauthorized (rogue) APs are a major threat; red team "war driving" can detect such
security breaches (IRMC Managing Networked Security in a Networked Environment
Course).


As  long  as  you  depend  on  the  statistical  aggregates  we  call  information,  you'll  know  a 
good  deal  about  your  product,  a  good  deal  about  your  services,  and  not  a  blessed  thing 
about  your  customers.  (Peter  Drucker,  quoted  by  Downes  and  Mui  in  The  Killer,  p.  79.) 

Acquisition 

One of the 10 federal chief information officer (CIO) competencies, specified by the
Federal CIO Council Executive Board, included in the IRMC's curriculum for the CIO
certificate. Acquisition is the process or discipline of acquiring products and services; it
includes generation or research and development, commercial purchase or production,
and even disposal of obsolete items. In addition to IT acquisition (as addressed by IRMC
and the National Defense University), acquisition (per se) is addressed more generally
(including military hardware and national security systems, for instance) under the
Defense Acquisition Workforce Improvement Act (DAWIA) and at the Defense Systems
Management College. The DAWIA communications/computers competency area relates
directly to IT and can complement CIO training. Advanced Information System
Acquisition Course (see IRMC) can be credited to both programs. The Information
Technology Management Reform Act and the Clinger-Cohen Act had a major impact on
IT acquisition, emphasizing new, faster ways to acquire IT, and established the Federal
Acquisition Regulatory Council (FARC) chartered to simplify the process, use risk
management, promote incremental and multiple award acquisition, and use commercial
IT (IRMC New World of the CIO Course). Software has become a major (perhaps, the
major) aspect of acquisition, and the Capability Maturity Model has been extended to
include software acquisition.


Software Acquisition Capability Maturity Model (a)

Level            Focus                          Key Process Areas (KPAs)

5. Optimizing    Continuous process             Acquisition innovation management
                 improvement                    Continuous process improvement

4. Quantitative  Quantitative management        Quantitative process management
                                                Quantitative acquisition management

3. Defined       Acquisition processes and      Process definition and maintenance
                 organizational support         Project performance management
                                                Contract performance management
                                                Acquisition risk management
                                                Training program

2. Repeatable    Project management             Software acquisition planning
                 processes                      Solicitation
                                                Requirements development and management
                                                Project management
                                                Evaluation
                                                Transition to support

1. Initial       Competent people and           None
                 heroics

a. IRMC Advanced Software Acquisition Management Course.


Defense  Acquisition  Deskbook:  http:  /  / webi  .de.skbonk  o^d  m il 
Defense  Acquisition  University:  https:  /  /daul  .fed  world  .{rov  (virtual  campus) 
Acquisition  History  Project:  http:/ /www.army.mil/cmh-pg /acquisition/ 
acc]home.htm 

Army Acquisition Corps: http://dacm.rdaisa.army.mil and
http:/ /acqnet.saalt.armv.rnil 

Air  Force  Acquisition:  http:  /  / www.safaq.hq.af  mil 

Navy  Acquisition  and  Business  Management:  http:  /  /www.abm.rda  hq.navy.mil 
Defense  Systems  Management  College:  http://www.dsmr.daii.mil  (DAWIA  courses) 
Federal  Acquisition  Institute  (FAI):  http:  /  /www.faionlinp.rom 
Federal Acquisition Jump Station (NASA): http://nais.nasa.gov/fedproc/home.html.

From  a  differing  perspective,  however: 

"Suboptimal" Divisions. A $6-billion organization we encountered some years ago had
organized technical groups into "competency centers" — physics, chemistry, etc. These
centers had become the primary organizational elements. Projects and products ranked a
distant second. The practical outcome of the imbalance was that an individual's time was
hopelessly fragmented. Any person might work on as many as a half-dozen projects
associated with his narrow specialty. The projects might, in turn, span three or four
divisions, two or three groups. The organization was a disaster. Very little was delivered on
time — principally, in our view, because of a lack of commitment and a focus on the wrong
things, technical disciplines rather than products, projects, and customers. When the
organization returned, after a five-year hiatus, to a project mode (with technical competency
relegated to a distant second), development activities picked up noticeably — and almost
overnight. (Thomas J. Peters and Robert H. Waterman Jr., In Search of Excellence, Warner
Books, New York, 1982, p. 214.)

Acquisition  Reform  (AR)  http:/ /www.accj.osd.rnil/ ai  /ar.htrn  and 

http:  /  /www.ar .navv.mil  • 

1) Generically, attempts have been made to reform the government (especially the
Department of Defense [DoD]) acquisition process many, many times. These include: 1949
Hoover Commission, 1953 second Hoover Commission, 1969 Fitzhugh Commission, 1972
Commission of Government Procurement, 1981 Carlucci Initiatives, 1982 Grace
Commission, 1986 Packard Commission, 1989 Defense Management Review, and more.
One can also include the introduction of total quality management or leadership a la W.
Edwards Deming. Most of these major efforts did not, however, address cultural change
(except, perhaps, total quality management). Nor were they supported by parallel
environmental and cultural changes in society. It must be understood that government
acquisition and procurement have always (by design) given first priority to social and
political considerations versus efficiency and cost-effectiveness.

"Fair" (or perceived "equitable") procurement took precedence over saving money.
Also, the system was skewed to support social programs such as small business and
disadvantaged social groups and sections of the nation. Furthermore, under prior theories
of management and supervision, the overall integrity of workers and the use of risk
analysis were downplayed or ignored. When a problem was detected, the bureaucratic
solution was to add more rules, whether needed or cost-effective or not — to address the
completely risk-averse mentality prevalent at the time. As has been said many times,
anyone can say no, but no one can say yes. Of course, statistics tells us that there will
always be "bad" happenings or occurrences. Most of them are simply part of the process.
Changing the system in response to them is folly and poor management. W. Edwards
Deming's methods spoke directly to this systemic political problem. It actually stems from
the completely erroneous worldview based upon discrete occurrences and linear thinking
versus the realities of statistics and systems or nonlinear thinking.

2) More recently, under the auspices of P. G. Kaminski and J. S. Gansler (as each
assumed the position of Under Secretary of Defense for Acquisition and Technology, DoD
acquisition executive [DAE]), AR has been used to indicate the set of initiatives moving
DoD towards commercialization. This set of initiatives deleted virtually all DoD and
MILDEP specifications and standards — to be replaced by industry standards. Emphasis
was shifted from design specifications to performance specifications; electronic data
interchange was emphasized; empowerment and risk management were enhanced.
Courses were taught to all DoD employees by other DoD employees, and AR offices were
created at OSD and the MILDEPs. A concerted effort was made toward cultural change in
DoD as well as reengineering so as to destroy the old processes such that they could not
be reincarnated. Many of the 33 recommendations of the Oversight and Reporting Process
Action Team (an independent body commissioned by the DAE) were also adopted. These
changes paralleled the rapid rise and spread of IT throughout industry and government.
Congress has been at the forefront of AR. Legislation includes the Clinger-Cohen Act, the
Federal Acquisition Reform Act, Federal Acquisition Streamlining Act, Federal Activities
Inventory Reform Act, and various defense authorization acts. Bert Concklin, president of
the Professional Services Council, has been quoted as saying "The DoD in general, while
not perfect, is much more attentive to business management and business process
efficiency than most civilian agencies" (Katherine M. Peters, Government Executive, 1999,
May). See "Managerial Accountability" (Elliott Jaques, Journal for Quality and Participation,
1992, March).

Acquisition Reform Network (ARNET): http://www.arnet.gov/

I will go anywhere provided it is forward. (D. Livingstone, quoted by Lawrence J. Peter
in The Peter Prescription, William Morrow & Co., New York, 1972, p. 14.)

Acronym 

A  pseudo-word  or  abbreviated  form  of  a  phrase  name  of  an  entity,  organization,  or 
other  concept  generally  formed  from  the  first  letter  of  each  word  in  the  phrase  in  the  same 
order  as  in  the  phrase.  Acronyms  should  normally  be  capitalized  (see  parentheticals 
following  the  titles  of  the  entries  in  this  document).  For  example,  acquisition  reform  has 
the  acronym  "AR."  Some  acronym  creators  attempt  to  create  acronyms  in  the  form  of 
actual  words  or  easily  pronounced  terms.  To  do  so,  they  sometimes  use  more  than  one 
letter  of  particular  words  in  the  phrases  from  which  the  specific  acronym  is  formed.  For 
instance,  analysis  of  variance  takes  the  first  two  letters  of  analysis  and  the  last  two  letters 
of  variance  in  order  to  form  its  acronym  ANOVA.  When  using  an  acronym  in  a 
document,  one  should  spell  out  the  phrase  initially  followed  by  the  acronym  within 
parentheses.  Thereafter,  the  acronym  can  be  used  in  lieu  of  the  phrase.  It  may  be 
preferable,  in  a  lengthy  document,  to  spell  it  out  for  each  chapter.  Alternately,  an  acronym 
list  can  be  attached  at  the  beginning  of  the  document  or  in  an  appendix  or  attachment  at 
the  end  of  the  document.  Acronyms  are  not  the  same  as  abbreviations.  In  the  government, 
many  abbreviations  are  formed  from  the  first  syllable  of  each  word  in  a  phrase, 
sometimes  disregarding  the  end  of  the  phrase  (especially  if  it  is  a  much-used,  replicated 
word or words). Thus, the Naval Sea Systems Command is abbreviated
(entirely/officially) as NAVSEASYSCOM and (further/informally) as NAVSEA (since
there are several SYSCOMs). There are numbers of acronym lists on the Web: AFCEA's
SIGNAL Magazine: http://wwvv.us.net/signal/Acronyms/Acronym.sE.html: which
contains more than 4,000 Information Age acronyms; Force XXI acronyms page;

DoD IT Acronym List: http://www.dacs.dtic.mil/topics/acronym/acronyms.shtml

Navy Acquisition, Research, and Development Information Center:
http://nardic.onr.navy.mil.

A proverb is a short sentence based on long experience. (Miguel de Cervantes, quoted
by Jacob M. Braude in New Treasury of Stories for Every Speaking and Writing Occasion,
Prentice Hall, Inc., Englewood Cliffs, NJ, June 1961, p. 315.)

Activation  or  Arousal  Theory— see  Level  of  Abstraction  and  Time  Horizon 

A theory in behavioral psychology that indicates that a person's output is normally
distributed in relation to his or her input (activation, arousal, or stimulation). Thus, if a
person is at rest, he or she has no output. As stimulation begins, output goes up, but at the
"characteristic point" (peculiar to the particular person) the slope changes and output
goes down as input increases. In other words, a person who is either under-utilized or
over-utilized produces less than when optimally utilized or stimulated. Activation theory
has had many useful applications in marketing and other arenas. It is not a conscious
phenomenon and so unconscious indicators (such as pupil dilation of the human eye)
have been developed to ascertain levels of stimulation. It also led to the empirical
conclusion that light physical exercise increases scores on mental tests immediately
following the exercise, but heavy physical exercise decreases these scores. Activation
theory has many applications and implications in supervision and management in today's
enterprises. It complements the works of such diverse management scientists as Ken
Blanchard (situational leadership) and Elliot Jaques (time-horizon). See my article in the
Acquisition Review Quarterly http://www.dsmc.dsm.mil/pubs/arq/2000arq/pollock.pdf.

Not to be able to work at full capacity is restrictive, depressing, and finally persecuting.
The avoidance of work at full capacity, or the acceptance of underemployment, is
symptomatic of emotional disturbance. (Elliott Jaques, Creativity and Work, International
Universities Press, Madison, CT, 1990, p. 36.)

Active X — see Mobile Code and Webification

Active X is a form of mobile code developed by Microsoft. It evolved from object
linking and embedding (OLE), and it allows a program to use Microsoft's component
object model (COM) to communicate with other programs. It enables many attractive
Web site displays. However, it poses considerable security vulnerabilities and, therefore,
is prohibited by many local area network administrators and Web masters. Java is its Sun
Microsystems competitor software. On November 7, 2000, the Assistant Secretary of
Defense (Command, Control, Communications and Intelligence), the Department of
Defense Chief Information Office, issued the Policy Guidance for Use of Mobile Code
Technologies. For a demo, see http://www.download.com/PC/ActiveX/ (IRMC Data
Management Strategies and Technologies Course). ActiveX:
http://www.microsoft.com/com/tech/activex.asp www.whatis.com.

We  have  met  the  enemy  and  they  is  us.  (Pogo,  in  3,500  Good  Quotes  for  Speakers,  Gerald 
F.  Lieberman,  Ed.,  Doubleday,  Garden  City,  NY,  1983,  p.  82.) 

Activity-Based  Costing  (ABC) 

A  methodology  that  measures  the  cost  and  performance  of  activities,  resources,  and 
cost  objects.  Resources  are  traced  to  activities  that  are  then  assigned  to  the  business 
process  that  consumes  them.  This  information  allows  one  to  identify  which  activities 
contribute  to  customers'  needs  and  to  eliminate  activities  that  don't.  It  also  allows  one  to 
identify cost drivers within each process. (Defense Logistics Agency, Performance Plan for
Fiscal Year 1996, p. A-2 [IRMC Measuring Results of Organizational Performance
Course].)


All mankind is divided into three classes: those that are immovable, those that are
movable, and those that move. (Benjamin Franklin, quoted by Jacob Braude in New Treasury
of Stories for Every Speaking and Writing Occasion, Prentice Hall, Inc., Englewood Cliffs, NJ,
June 1961, p. 15.)




Agency 

Any  executive  department,  military  department  (MILDEP),  government  corporation, 
government  controlled  corporation,  or  other  establishment  in  the  executive  branch  of  the 
federal  government  or  any  independent  regulatory  agency.  Within  the  Executive  Office  of 
the  President,  the  term  includes  only  the  Office  of  Management  and  Budget  (OMB)  and 
the  Office  of  Administration  (OMB  Circular  A-130)  (IRMC  Data  Management  Strategies 
and  Technologies  Course). 

All of us are agents of history, playing out our roles, shifting or failing to shift according
to its tides. (M. Scott Peck, Further Along the Road Less Traveled, Simon & Schuster, New
York, 1993, p. 232.)

Alt  Tag 

A popup displayed on a computer screen when the mouse cursor is placed over and
remains over an image or word (such as on a Web site). The alt tag explains the meaning
of the image the cursor is placed upon, not just a description of it. Alt tags are useful
components in achieving legal compliance with the Americans with Disabilities Act. See
Section 508.

The phenomenon of our being unable to see plain truth is of course not limited to
storytelling. It happens frequently in our lives that we miss something obvious and
fundamental that is staring us plainly in the face. We are unwilling to admit the obvious.
We reject the advice of our colleagues and friends. We pay experts lots of money to tell us
the self-evident. We spend time with therapists to help us to grasp what is apparent to
everyone around us. And yet often we still fail to see what is screaming for our attention.
(Stephen Denning, The Springboard, Butterworth-Heinemann, Boston, 2001, p. 162.)


American  National  Standards  Institute  (ANSI) 

An  independent,  nonprofit  standards  organization  that  established  standards  for 
computer  keyboard  alphanumeric  codes,  personal  identification  numbers,  and  many 
other  items.  It  is  located  at  1430  Broadway,  New  York,  NY. 


Just  another  chicken  story  ...  True  story?  Sometimes  it  does  take  a  rocket  scientist: 
Scientists  at  NASA  built  a  gun  specifically  to  launch  dead  chickens  at  the  windshields  of 
airliners,  military  jets,  and  the  space  shuttle,  all  traveling  at  maximum  velocity.  The  idea 
was  to  simulate  the  frequent  incidents  of  collisions  with  airborne  fowl  to  test  the  strength  of 
the  windshields.  British  engineers  heard  about  the  gun  and  were  eager  to  test  it  on  the 
windshields of their new high-speed trains. Arrangements were made, and a gun was sent
to  the  British  engineers.  When  the  gun  was  fired,  the  engineers  stood  shocked  as  the  chicken 
hurtled  out  of  the  barrel,  crashed  into  the  shatterproof  shield,  smashed  it  to  smithereens, 
blasted  through  the  control  console,  snapped  the  engineer's  backrest  in  two,  and  embedded 
itself  in  the  back  wall  of  the  cabin,  like  an  arrow  shot  from  a  bow.  The  horrified  Brits  sent 
NASA  the  disastrous  results  of  the  experiment,  along  with  the  designs  of  the  windshield, 
and  begged  the  U.S.  scientists  for  suggestions.  NASA  responded  with  a  one-line  memo: 
"Thaw  the  chicken."  (Received  by  author  via  Internet  e-mail;  an  Urban  Legend.  See 
http://www.snopes2.com/ which also references: Looker, Mark. "A Tale of the Frozen
Chicken and the Internet." Feathers Newsletter. October 1996 (Communications Corner) and
Looker, Mark. "Frozen Chicken Cannon: Myth or Reality?" Feathers Newsletter. August 1997
(Communications Corner).)

Analogic  Thinking

Thinking  in  terms  of  analogies.  Analogic  thinking  is  especially  effective  in 
communications  with  other  people,  for  transferring  implicit  knowledge  and  wisdom,  and 
in  tapping  into  the  potentials  of  unconscious  processes. 

Equally  important  to  knowledge  brokers,  however,  is  that  analogies  allow  them  to 
move  knowledge  from  one  context  to  another.  The  knowledge  may  be  tacit  (such  as  the 
needs  of  doctors  performing  surgery)  or  it  may  be  explicit  (such  as  the  performance 
requirements  of  a  toy  squirt  gun),  but  it  is  always  context-specific.  Analogic  thinking  creates 
new  knowledge  by  removing  it  from  one  context  and  placing  it  in  another,  the  search  for 
new  solutions  to  problems  needs  to  take  place  in  ways  that  allow,  even  encourage, 
unexpected  analogic  connections  to  happen.  (Andrew  B.  Hargadon,  "Firms  as  Knowledge 
Brokers: Lessons in Pursuing Continuous Innovation," California Management Review,
Berkeley, CA, Spring 1998, Vol. 40, Issue 3, pp. 209-227.)

Analog  Mobile  Phone  Service  (AMPS) 

Bell  Labs  developed  this  wireless  protocol,  originally  for  mobile  phones,  in  the  1970s. 
It  is  based  on  frequency  division  multiple  access  (FDMA);  supports  (theoretically)  416 
full-duplex conversations; operates at 800 MHz; and has a 14.4 kbps data rate. This is 25
percent  of  the  present  56  kbps  modem  rate.  The  digital  version  is  digital  advanced  mobile 
phone  service  (D-AMPS)  that  is  based  on  TDMA;  divides  AMPS  radio  channels  into  six 
time  slots  (increasing  capacity  by  a  factor  of  three);  is  dual  band;  operates  at  800/1900 
MHz;  and  has  data  rates  of  14.4/43.2  kbps.  D-AMPS  provided  the  personal 
communications  services  (PCS)  cell  phone  system.  The  higher  data  rate  is  three  times  as 
great  as  AMPS  (IRMC  Managing  Networked  Security  in  a  Networked  Environment 
Course). 


If  everybody  thought  before  they  spoke,  the  silence  would  be  deafening.  (Gerald 
Barzan, in 3,500 Good Quotes for Speakers, Gerald F. Lieberman, Ed., Doubleday, Garden
City,  NY,  1983,  p.  244.) 

ANalysis  Of  VAriance  (ANOVA) 

"A  statistical  technique  that  can  determine  whether  the  scores  for  one  group  of  cases  is 
different  than  another  group  of  cases  after  the  values  of  other  related  variables  are 
statistically  controlled"  (IRMC  Measuring  Results  of  Organizational  Performance 
Course).  ANOVA  is  a  form  of  factor  analysis.  It  is  used  to  analyze  a  nonlinear  situation 
(having  more  than  one  variable)  in  order  to  determine  the  contributions  of  the  various 
factors  toward  the  statistical  findings.  In  other  words,  it  tells  you  how  and  whether  a 
particular  variable  or  environmental  condition  affected  the  outcome.  For  example,  it  was 
widely  reported  that  lowering  the  speed  limit  to  55  mph  saved  many  lives.  But  an 
ANOVA  performed  on  the  statistics  might  show  that  the  lives  saved  were  mostly  due  to 
people  driving  fewer  miles  (when  gasoline  became  more  expensive). 

Problems cannot be solved at the same level of consciousness that created them. (Albert
Einstein, quoted in Paul Smith's NAVSEA pitch: Enterprise Transformation Challenge,
Successes, and the Future.)

Analytical  Hierarchy  Process  (AHP)

A  process  for  organizing  and  assessing  alternatives  against  a  hierarchy  of  multifaceted 
objectives  (IRMC  Measuring  Results  of  Organizational  Performance  Course). 

A  man  should  never  be  ashamed  to  own  he  has  been  in  the  wrong,  which  is  but  saying, 
in  other  words,  that  he  is  wiser  today  than  he  was  yesterday.  (Alexander  Pope,  Thoughts  on 
Various  Subjects,  quoted  in  the  Rosicrucian  Digest,  1974,  February,  p.  42.) 

Anti-terrorism  Act  of  1966,  P.  L.  104-132 

Secretary  of  State  designates  terrorist  organizations,  which  triggers  prohibitions  on 
fundraising,  freezing  of  assets,  and  travel  by  members;  establishes  special  court  to  hear 
actions  for  removal  of  aliens  from  the  United  States;  changes  federal  judicial  procedures 
to  limit  times  and  venues  for  habeas  corpus;  permits  use  of  unrevealed  classified  sources 
in  camera  decision  by  a  single  judge.  See  Presidential  Decision  Directive  62  (PDD-62) 
Combating Terrorism (May 22, 1998, http://www.fas.org/irp/offdocs/pdd-62.htm) and
U.S.  Policy  on  Counter-terrorism  (1995  or  1996,  PDD-39)  (IRMC  Assuring  the  Information 
Infrastructure  Course). 


Crime  expands  according  to  our  willingness  to  put  up  with  it.  (Barry  Farber,  in  3,500 
Good Quotes for Speakers, Gerald F. Lieberman, Ed., Doubleday, Garden City, NY, 1983, p.
62.)

Application  or  Application  Program 

An  application  (short  for  application  program)  is  a  computer  program  designed  to 
perform a specific type of function for users or other applications. Word processors,
database  programs,  Web  browsers,  and  spreadsheets  are  examples  of  application  types. 
Microsoft  Word  is  a  specific  application.  Applications  normally  run  under  a  computer's 
operating  system.  Applications  (feeware)  may  be  licensed  (out-of-the-box  purchase), 
leased  (via  an  active  service  page,  or  ASP),  or  individually  developed  (in-house  or  under 
contract).  They  may  be  resident  on  a  specific  computer  (such  as  a  laptop  or  notebook)  or 
shared  via  a  local  area  network  server.  If  shared,  the  purchaser  will  contract  with  the 
supplier for the number of seats/licenses to be supplied. Shareware are applications or
knowledge,  information,  and  data  (KID)  provided  at  no  immediate  cost  to  the  user,  but 
often  users  are  requested  to  send  nominal  amounts  of  funds  to  the  developer.  This  is 
usually  done  via  the  honor  system. 

Applications  in  development  may  be  provided  free  to  users  for  specified  periods  in 
order  to  obtain  comments  from  the  initial  users  or  Beta  testers.  Similarly,  service 
providers  (e.g.,  ASPs)  may  provide  free  trial  periods  to  prospective  users.  Freeware, 
however,  is  provided  free  to  all  users.  Applications  are  subject  to  archetypal  polarity 
stresses:  centralized  versus  decentralized  control,  off-the-shelf  versus  tailored,  etc.  For 
example,  the  Navy/Marine  Corps  Intranet  (NMCI)  establishes  the  possibility  of  the  seat 
management  contractor  maintaining  Navy-provided  applications  that  would  then  be 
available  to  virtually  all  users  of  NMCI.  Furthermore,  Task  Force  Web  (TFW)  was  created 
to  "webify"  the  Navy.  These  developments  have  highlighted  the  vast  number  of  existing, 
special  applications.  Many  of  these  applications  are  largely  redundant  in  their  operations 
and  results.  Thus,  the  Navy  Department  is  actively  analyzing  its  entire  application  set  in 
order  to  reduce  their  numbers.  Otherwise  the  twin  objectives  of  webification  and  utilizing
NMCI  would  not  be  affordable.  The  upside  of  this  exercise  lies  not  only  in  the  advantages 
of  standardization  (and  the  possibility  of  integrating  lessons  learned)  but  also  in  reduced 
software  maintenance  costs  resulting  from  a  reduced  application  set. 

The  secret  of  worthy  achievement  is  to  play  the  game  better  today  than  we  played  it 
yesterday. (W. H. Clark, "The Mystic in Time and Space," Rosicrucian Digest, 1973, Vol. LI,
No. 9, p. 33.)

Application  Programming  Interface  (API) 

A  methodology  whereby  a  software  application  provider  retains  the  product  until  a 
subscriber  accesses  it  (usually  over  the  Internet)  and  charges  the  customer  on  a  pay-per- 
use  basis.  It  could  be  considered  a  thin-client  type  approach.  The  open  database 
connectivity  (ODBC)  was  originated  by  Microsoft  but  is  now  an  open  standard.  It  requires 
a  separate  module  or  driver  for  each  database  to  be  accessed.  It  uses  structured  query 
language  (SQL).  Alternatively,  the  object  linking  and  embedding  database  (OLE  DB) 
offers  universal  data  integration  over  an  enterprise's  network  (mainframe  to  desktop) 
regardless  of  data  type  (not  restricted  to  SQL).  Can  use  spreadsheets,  e-mail,  etc.  See 
http://www.microsoft.com/data/oledb/prodinfo.htm (IRMC Data Management
Strategies  and  Technologies  Course). 

Change  ideas  will  only  have  resonance  for  us  if  they  respond  to  our  own 
preoccupations,  doubts,  hopes,  and  fears.  (Stephen  Denning,  The  Springboard,  Butterworth- 
Heinemann,  Boston,  2001,  p.  194.) 

Application  Service  Provider  (ASP) 

An  ASP  is  a  company  that  provides  businesses  with  access  to  application  programs 
via  the  Internet.  The  application  resides  on  the  ASP's  site,  and  the  user  organization  pays 
a  license  fee  or  other  form  of  usage  charge  (number  of  users,  amount  of  time  used,  etc.). 
This  is  a  form  of  fee  for  service  similar  to  pay-per-view  television.  Tradeoffs  are  similar  to 
buy/lease or build/buy business decisions. They are, therefore, amenable to decision
theory  solutions.  Response  times,  user  locations,  and  versioning  are  important 
considerations. 


A  journey  of  a  thousand  miles  must  begin  with  a  single  step.  (Lao  Tzu,  The  Way  of  Lao 
Tzu,  p.  64,  quoted  by  John  Bartlett  in  Familiar  Quotations;  Little,  Brown  &  Co.,  Boston,  1968, 
p.  74b.) 

Architecture — see  Architecture  Framework 

1)  The  art,  science,  and  process  of  designing,  building,  or  constructing  a  product  or 
resulting  structure  of  that  process.  Architects  originally  and  literally  designed  buildings, 
bridges, etc., in conjunction with mechanical engineers, etc. With the advent of computers
and systems engineers, systems designers create systems architectures. In a metaphorical
sense, architecture may be conceptual in nature—one can be the architect of one's success
or  of  a  military  victory. 

2)  Each  federal  agency  has  been  required  to  create  an  overall  architecture  for  its  IT.
These  vary  widely  in  type,  number  of  components,  etc.  The  Department  of  Defense 
submitted  (as  required)  a  three-level  or  view  architecture  consisting  of  operational, 
systems,  and  technical  views  of  components,  their  relationships,  and  the  principles  and 
guidelines  governing  their  design  and  evolution  over  time.  Its  three  major  perspectives 
are defined in DoD's Command, Control, Communications, Computer, and Intelligence
(C4I) Architecture Framework. See also the C4I Support Plans (C4ISP).

3)  A  set  of  modules  or  components,  a  map  depicting  how  they  are  connected,  and  a  set 
of  interaction  rules  between  them. 

4)  The  structure  of  the  components  of  a  program  or  system,  their  interrelationships, 
principles,  and  guidelines  governing  their  design  and  evolution  over  time  (IRMC 
Advanced  Software  Acquisition  Management  Course). 

Certain people make history and others build a house in the suburbs. (C. G. Jung,
Analytical Psychology, Its Theory and Practice, Pantheon Books (Random House), New York,
1968, p. 143.)

Architecture  Framework 

An  architecture  framework  provides  a  consistent  means  of  documenting  the 
enterprise  IT  architecture.  The  formal  Department  of  Defense  (DoD)  architecture 
framework  specifies  graphical  and  textual  formats  (and  terminology)  for  capturing 
information  flow,  data  formats,  systems  connectivity,  and  technical  standards.  The  DoD 
architecture  framework  specifies  products  to  support  three  separate,  but  interrelated 
views  of  the  architecture: 

1)  Operational:  a  description  of  the  tasks  and  activities,  operational  nodes,  and 
information  exchange  requirements  between  nodes.  The  operational  view  is  technology- 
independent. 

2)  Systems:  a  graphical  and  textual  description  of  systems  and  interconnections  used 
to  satisfy  the  operational  needs  described  in  the  operational  view. 

3)  Technical:  the  minimal  set  of  rules  governing  the  arrangement,  interaction,  and 
interdependence of system parts or elements (see C4ISR Architecture Framework). These
three have previously been referred to as architectures, but actually they (except for the
systems architecture) are not actually architectures. The Joint Technical Architecture
(JTA), for instance, resembles a replacement for the DoDISS (a now-obsolete list of DoD
instructions  and  standards)  and  is  not  an  architecture  at  all,  but  merely  a  structured  list  of 
allowable  requirements  documents  and  specifications.  Thus,  DoD  has  revised  its 
terminology,  referring  to  the  three  as  "views."  However,  in  a  more  generic  sense,  a 
framework  is  an  architecture  without  its  defining  rules  set.  The  components  of  an 
architecture  or  framework  may  be  described  in  a  technical  reference  model  (TRM)  (IRMC 
New  World  of  the  CIO  Course). 

Only childish people imagine that the world is what we think it is. The image of the
world is a projection of the world of the self, as the latter is an introjection of the world. (C.
G. Jung, Analytical Psychology, Its Theory and Practice, Pantheon Books (Random House),
New York, 1968, p. 66.)

Architectures  and  Infrastructures— see  Architecture  and  Architecture  Framework

One  of  the  10  federal  chief  information  officer  (CIO)  competencies,  specified  by  the 
Federal CIO Council Executive Board, included in the IRMC's curriculum for the CIO
certificate.  An  information  technology  architecture  (ITA),  according  to  the  Clinger-Cohen 
Act,  is  "an  integrated  framework  for  evolving  or  maintaining  existing  IT  to  achieve  the 
agency's  strategic  goals  and  [information  resource  management]  goals."  An  adequate  ITA 
aligns  IT  processes  with  agency  mission  and  goals;  proves  interoperability,  redundancy, 
and  security;  and  applies  standard  evaluation  measures.  Architectures  focus  on  work 
processes,  information  flows,  and  standards.  They  employ  technology  as  an  enabler,  not  a 
process  driver.  The  developer's  assumptions  in  creating  commercial  products  must  be 
considered  when  creating  a  systems  architecture;  there  are  important  intangible  aspects  to 
products.  In  addition  to  the  DoD  architecture,  described  under  architecture  and 
architecture  framework,  others  have  delineated  many-layered  architecture  models 
including:  enterprise,  operational,  functional  or  information,  technical,  system  or  physical, 
hardware,  and  software  architectures  (IRMC  New  World  of  the  CIO  Course  and 
Advanced  Software  Acquisition  Management  Course). 

The  cruel  thing  about  life  is  that  it  has  the  nasty  habit  of  twisting  what  was  meant  to  be 
into what is. (Nash Bridges [actor Don Johnson], television show.)

Artificial  Intelligence  (AI) 

Computer  techniques  (usually  via  software)  that  attempt  to  solve  problems  without 
human  intervention.  Such  techniques  include:  expert  systems,  neural  networks,  case- 
based  reasoning,  intelligent  agents,  and  genetic  algorithms  (IRMC  New  World  of  the  CIO 
Course). See Neurosciences: Dana Alliance for Brain Initiatives:
http://www.dana.org/brainweb.

The  important  thing  is  this:  to  be  able  at  any  moment  to  sacrifice  what  we  are  for  what 
we  could  become.  (Charles  du  Bois,  poster.) 

Assumptions — see  Vision 

Preconceptions  of  reality.  They  are  unproven  "givens."  In  geometry,  they  are  stated 
up  front  (explicitly)  prior  to  beginning  a  "proof."  Most  assumptions,  however,  are 
implicit  or  tacit.  Unshared  assumptions  cause  communications  problems.  Shared 
assumptions  (e.g.,  organizational  vision  or  mission)  create  teamwork.  It  has  been  said  that 
unreality  is  created  when  a  person  forms  an  explicit  conclusion  about  reality  and  turns  it 
into  an  implicit  assumption  about  reality.  Essentially,  this  process  is  the  assumption  of 
linearity.  A  particular  case  or  instance  (discrete  occurrence(s))  is  generalized  and 
internalized  by  an  individual  so  as  to  affect  his  or  her  worldview  or  mindset.  Such 
occurrences  are  usually  not  statistically  significant  and  may  be  quite  false.  Superstitions, 
stereotypes,  and  most  prejudices  are  examples  of  this  process. 

Organizations  have  assumptions  about  their  environment,  mission,  and  core 
competencies  that  should  fit  reality  as  well  as  one  another.  In  other  words,  they  should  be 
both  internally  and  externally  consistent.  They  should  be  tested  continually  (reality 
checked),  especially  in  a  rapidly  changing  environment.  Peter  Drucker,  in  "Theory  of 
Business"  (Harvard  Business  Review,  1994,  September-October,  94506),  suggests  that  one 
study noncustomers to determine signs of change: to be market-driven, not just
customer-driven.  Furthermore,  both  unexpected  failure  and  unexpected  success  are  signs 
that  one's  theory  of  business  (assumptions)  is  out  of  date.  Marcel  Proust  said  "The  real  act 
of  discovery  consists  not  in  finding  new  lands  but  in  seeing  with  new  eyes"  (IRMC 
Leadership for the 21st Century Course). Organizations should consider the prevalence
and applicability of the business and marketing life cycles (which resemble sine or cosine
waves and the normal distribution). They should also consider Thomas Kuhn's classic
work  The  Structure  of  Scientific  Revolutions,  in  which  he  described  paradigms  and 
paradigm  shifts  as  well  as  his  statement  that,  "I'm  much  fonder  of  my  critics  than  my 
fans"  (quoted  by  James  Pinkerton  in  "Paradigm  Lost:  Thomas  Kuhn  Shifted  the  Ideas  of 
Many a Wonk," The Washington Post, 1996, June 21) (IRMC Leadership for the 21st Century
Course). 


People  unhesitatingly  project  their  own  assumptions  about  others  on  to  the  persons 
concerned  and  hate  or  love  them  accordingly.  (C.  G.  Jung,  The  Structure  and  Dynamics  of  the 
Psyche,  CW8,  Pantheon  Books,  New  York,  1960,  p.  308.) 

I know it as much as anyone knows anything. Knowledge is just opinion that you trust
enough to act upon. (Orson Scott Card, Children of the Mind, Tom Doherty Books, New York,
1996, pp. 113-114.)

Asymmetric  Cryptography 

A  type  of  cryptography  in  which  two  different  keys  are  used  for  encryption  and 
decryption  respectively.  Pretty  good  privacy  and  public  key  infrastructure  (PKI)  use 
asymmetric  cryptography.  PKI's  use  of  a  public  key  allows  people  without  a  preexisting 
security  arrangement  to  exchange  messages  securely.  Symmetric  cryptography  does  not 
allow  this.  See  cryptography  and  encryption. 

Never answer an anonymous letter. (Yogi Berra, The Yogi Book, Workman Publications,
New York, 1998, p. 93.)

Asymmetric  Dominance 

A  psychological  factor  considered  in  utility  theory  (part  of  decision  theory)  that 
disallows  comparisons  of  outcomes  using  simple  mathematics — dollars  or  funds — 
because  people  do  not  value  dollars  in  a  constant  manner.  It  is  analogous  to  the  fact  that 
people  do  not  experience  time  in  a  constant  manner — to  people  time  is  subjective,  not 
objective. 


An  interesting  and  important  instance  of  this  phenomenon  is  the  case  of  the  "attraction" 
or  "asymmetric  dominance  effect,"  which  has  received  a  good  deal  of  attention  in  the 
decision-making  and  marketing  literature.  Given  a  group  of  objects,  an  asymmetrically 
dominated  alternative  is  dominated  by  at  least  one  of  the  other  alternatives  but  not  by 
another.  However,  assume  the  product  category  is  "stereo  cassette  recorders"  and  that 
competing objects are distinguished by the two attributes of "sound quality" and
"reliability."  Brand  A  has  a  sound  quality  rating  of  65  and  a  reliability  rating  of  90,  while 
brand  B  has  a  sound  quality  rating  of  90  and  a  reliability  rating  of  65.  A  consumer  prefers  B 
to  A  (presumably  because  the  customer  values  reliability  more  than  sound  quality). 

Suppose  a  third  object,  C,  is  introduced  with  a  sound  quality  rating  of  60  and  a  reliability 
rating of 85—in other words, C is dominated by A but not by B. It turns out, however, that if
our consumer is typical, when confronted with the new set of choices, the customer now
prefers A to B, a reversal of the previous preferences. The phenomenon—which is well
known to retailers everywhere as evidenced by the way they arrange their product
assortments on shelves—is an important example of how "knowers" use contextual
properties of data to value information. (Rashi Glazer, "Measuring the Knower: Towards a
Theory of Knowledge Equity," California Management Review, Berkeley, CA, Spring 1998,
Vol. 40, Issue 3, pp. 175-194.)

Asynchronous  Transfer  Mode  (ATM) 

ATM  is  a  high-performance,  cell-oriented,  switching  and  multiplexing  technology  that 
uses  fixed-length  packets  to  carry  different  types  of  traffic.  ATM  can  reduce  infrastructure 
costs  through  efficient  bandwidth  management.  The  term  asynchronous  is  usually  used  to 
describe  communications  in  which  data  can  be  transmitted  intermittently  rather  than  in  a 
steady  stream.  It  is  analogous  to  multiprocessing  using  computer  interrupts  whereby  a 
program  runs  in  order  of  priority  when  computer  cycles  (time  slices)  are  available.  With 
ATM,  signal  transmissions  are  not  synchronized;  transmissions  are  ad  hoc  versus 
prearranged  in  time,  thus  saving  wait  time  between  transmissions.  Most  computer 
transmissions  (sending  text  to  a  printer,  for  instance)  can  occur  at  any  time  and  at 
irregular intervals. Communication within a computer, however, is synchronous to the
degree that it is governed by the microprocessor clock. Computer operations (e.g., signal
transmissions) can occur only at specific points in the clock cycle (adapted from
Glossary of IM/IT & KM Terms).

It  is  quite  impossible  that  the  noble  organs  of  human  speech  could  be  replaced  by 
ignoble,  senseless  metal.  (Jean  Bouillaud,  member  of  the  French  Academy  of  Sciences, 
referring to Thomas Edison's phonograph; Christopher Cerf and Victor Navasky in The
Experts Speak, Villard, NY, 1984, p. 226.)

Attribute 

A  property  or  characteristic  of  one  or  more  entities;  for  example,  color,  weight,  sex. 
Also  a  property  inherent  in  an  entity  or  associated  with  that  entity  for  database  purposes 
(DoD  8320.1-M,  Data  Administration  Procedures)  (IRMC  Data  Management  Strategies  and 
Technologies  Course).  Attributes  form  the  essence  of  technical  metadata  that  form  the 
structure  of  databases.  Data  elements  are  the  identifiers  for  data  entities  and  attributes. 

Malu  isn't  stupid  enough  to  think  you  can  isolate  facts  from  their  context  and  have 
them still be true. (Orson Scott Card, Children of the Mind, Tom Doherty Books, New York,
1996, p. 163.)

Audit— see  Federal  Information  Technology  Security  Assessment  Manual  (FISCAM) 

An  audit  is  a  review  and  analysis  of  existing  documentation  and  resulting  processes, 
procedures,  and  operations.  It  is  the  first  and  lowest  level  of  testing  a  system.  Information 
security  includes  penetration  tests  as  the  intermediate  level  and  red  team  attacks  as  the 
highest  level.  Audits  are  performed  by  various  agencies  within  specific  domains.  Many 
people  are  familiar  with  Internal  Revenue  Service  audits  of  individual  tax  returns  (Form 
1040).  In  the  world  of  knowledge  management  and  information  technology,  audits  can  be 
done  on  each  level  of  knowledge,  information,  and  data  or  performed  within  a  specific
federal  chief  information  officer  (CIO)  competency  (as  codified  by  the  IRMC).  Thus,  an 
organization  could  perform  a  data,  information,  or  knowledge  audit.  Alternately,  it  could 
perform  an  information  assurance,  policy,  or  capital  investment  audit.  Audits  can  be  very 
useful in assessing system changes and dynamics. An initial audit can establish a starting
point  or  baseline  prior  to  imposition  of  any  proposed  changes,  for  instance.  Later  audits 
can  measure  changes  from  the  initial  or  baseline  state  and  progress  towards  a  prestated 
goal(s).  See  the  General  Accounting  Office's  Federal  Information  System  Controls  Audit 
Manual, which provides guidance for evaluating general and application controls over the
integrity,  confidentiality,  and  availability  of  data  maintained  in  computer-based 
information  systems.  FISCAM  is  the  primary  information  security  audit  methodology. 
The National Institute for Standards and Technology has an extensive, complementary
questionnaire (IRMC Developing Enterprise Security Strategies, Guidelines, and Policies
Course).


It is not pleasant to be treated like a clock by some clever but essentially unsympathetic
person  who  wants  to  take  you  apart  to  see  what  makes  you  tick!  (Robertson  Davies,  One 
Half  of  Robertson  Davies,  Viking  Press,  New  York,  1977,  p.  132.) 

Authentication/Identification — see  Passwords 

The  process  of  establishing  the  validity  of  a  transmission,  message,  or  originator,  and 
verifying  that  the  user  is  authorized  to  receive  specific  categories  of  information. 
Authentication  is  the  final  "A"  in  the  information  assurance  acronym,  CIANA 
(confidentiality,  integrity,  availability,  nonrepudiation,  and  authentication),  which 
itemizes  the  major  factors  in  computer  security.  Dial-back  modems  require  users  to  enter 
a  username  or  password  upon  connection  (via  dial-up).  The  network  modem  then 
disconnects  and  looks  up  the  authorized  remote  telephone  number  for  the  connecting 
user.  It  then  dials  the  remote  modem  and  re-establishes  the  connection.  This  procedure 
short-circuits  hacker  war-dialing;  other  approaches  include  Microsoft's  challenge 
handshake authentication protocol (CHAP) — from http://www.microsoft.com/technet/security/
or http://www.microsoft.com/technet/default.asp and search for
CHAP (IRMC Developing Enterprise Security Strategies, Guidelines, and Policies
Course).
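
The dial-back procedure described in this entry, modelled as an added Python example (not code from the encyclopedia or from any modem product). The class, directory records, phone numbers and credentials are constructed for illustration; the point shown is that the session is only ever opened on the outbound leg to the number on file, never to the number the caller presents.

```python
"""Dial-back (callback) modem login, modelled in plain Python.

All names, phone numbers and credentials below are constructed samples.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a salted hash so the directory never stores the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def enroll(password: str, callback_number: str) -> dict:
    """Create a directory record; the callback number is set out of band by an admin."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "callback": callback_number}


@dataclass
class Outcome:
    dial: Optional[str]  # number the server dials back; None means no callback
    alert: bool          # True when the event deserves an analyst's attention
    reason: str


class DialBackServer:
    _DUMMY_SALT = b"\x00" * 16

    def __init__(self, directory: dict):
        self.directory = directory
        self.audit_log = []  # (username, caller_number, Outcome) per inbound call

    def handle_inbound_call(self, username: str, password: str, caller_number: str) -> Outcome:
        record = self.directory.get(username)
        # Hash even for unknown usernames so both paths take the same time.
        salt = record["salt"] if record else self._DUMMY_SALT
        candidate = hash_password(password, salt)
        valid = record is not None and hmac.compare_digest(candidate, record["hash"])

        # The inbound leg is dropped in every case: no session is granted on it.
        if not valid:
            outcome = Outcome(None, True, "bad credentials, call dropped")
        else:
            registered = record["callback"]
            # The callback target comes only from the directory. The presented
            # caller number can be spoofed, so it is used for alerting and
            # nothing else.
            mismatch = caller_number != registered
            reason = "callback placed to registered number"
            if mismatch:
                reason += " (valid credentials presented from an unregistered line)"
            outcome = Outcome(registered, mismatch, reason)

        self.audit_log.append((username, caller_number, outcome))
        return outcome


# Constructed sample directory.
DIRECTORY = {"alice": enroll("correct horse battery", "+1-555-0100")}

if __name__ == "__main__":
    server = DialBackServer(DIRECTORY)
    calls = [
        ("alice", "correct horse battery", "+1-555-0100"),  # legitimate user at home
        ("alice", "correct horse battery", "+1-555-0199"),  # right password, wrong line
        ("alice", "password1", "+1-555-0199"),              # guessed password
    ]
    for call in calls:
        print(call[2], "->", server.handle_inbound_call(*call))
```

The second sample call is the case the entry is about: the password is accepted, yet the connection is re-established to +1-555-0100, and the mismatch is logged for review.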


One  went  to  the  door  of  the  Beloved  and  knocked. 

A voice asked, "Who is there?"

He  answered,  "It  is  I." 

The  voice  said,  "There  is  no  room  for  Me  and  Thee." 

The  door  was  shut. 

After  a  year  of  solitude  and  deprivation  he  returned  and  knocked. 

A  voice  from  within  asked,  "Who  is  there?" 

The  man  said,  "It  is  thee." 

The  door  was  opened  for  him. 

(Jalaluddin Rumi, quoted by Idries Shah in The Sufis, Anchor Books [Doubleday & Co.],
Garden City, NY, 1971, p. 357.)

Authenticode

Software  that  is  signed  by  the  originator.  User  protection  is  quite  limited  since  the 
quality  (lack  of  malicious  embedded  code)  cannot  be  ascertained.  It  does  not  protect 
against  viruses,  bugs,  etc.  Both  audit  trails  and  the  authenticode  software  itself  are 
vulnerable  to  attacks  (IRMC  Managing  Networked  Security  in  a  Networked  Environment 
Course). 

The  truth  is  the  only  thing  worth  believing,  isn't  it?  If  you  can  know  it . . .  but  if  you 
won't  believe  the  truth,  someone  has  to  help  you  come  up  with  plausible  lies,  don't  they? 

(Orson  Scott  Card,  Children  of  the  Mind,  Tom  Doherty  Books,  New  York,  1996,  p.  157.) 

Authoritative  Sources 

Approved  repositories  for  data,  information,  and  knowledge.  They  are  used  in  many 
disciplines  that  apply  their  own  rules  and  methods  for  authenticating  the  content  of  the 
accepted  sources.  Some  (e.g.,  IRMC's  Developing  Enterprise  Security  Strategies, 
Guidelines, and Policies Course and journals such as the Acquisition Review Quarterly)
require  peer  review  by  acknowledged  discipline  leaders  in  accordance  with  accepted, 
stated  standards  for  that  discipline.  This  peer  review  of  centralized  information, 
applications,  etc.,  lends  authority  to  the  content.  There  are  various  examples  of 
authoritative  sourcing  within  KM.  In  a  KM  portal,  a  content  management  policy  with 
embedded  peer  review(s)  and  stated  standards  "acts  as  the  authoritative  source  of 
organizational  knowledge."  Without  authoritative  sourcing  of  content,  knowledge 
workers  cannot  place  trust  in  the  knowledge  object,  thwarting  knowledge  generation  and 
sharing (Kim Guenther, et al., "Knowledge Management: Benefits of Intranets," Online,
2001, Vol. 25, Issue No. 3, May-June [USA]).

Whether  you  trust  somebody  or  distrust  him  has  a  lot  more  to  do  with  the  kind  of 
person  you  are  than  the  kind  of  person  he  is.  (Orson  Scott  Card,  Shadow  of  the  Hegemon,  Tom 
Doherty  Associates,  New  York,  2000,  p.  153.) 

Automatic  Speech  Recognition  (ASR) 

The  ability  of  a  computer  to  recognize  human  speech  (audio)  directly  so  as  to  create  a 
document  (e.g.,  in  Microsoft  Word).  ASR  software  packages  match  the  user's  sound 
waves  against  prerecorded  phoneme  sound  patterns  (similar  to  a  dictionary  of  sounds). 
Accuracy  has  increased  dramatically  in  recent  years  so  as  to  be  95  percent  accurate.  With 
ASR,  the  user  speaks  out  loud  into  a  microphone  and  the  computer  types  the  words  onto 
the screen. ASR does not translate the words, however; it merely transforms the sounds
into words. Natural language processing (NLP) provides "understanding." ASR is
analogous to data management versus NLP's information management. Highly accurate
ASR packages are now available at minimal cost (under $30).
http://ai.iit.nrc.ca/subjects/Speech.html; http://www.dragonsys.com;
http://www.software.ibm.com/speech/; (IRMC Critical Information Systems Technologies
Course).


Speech  ...  is  an  invention  of  man's  to  prevent  him  from  thinking.  (Agatha  Christie,  The 
ABC  Murders,  Pocket  Books,  New  York,  1974.) 

Availability

1)  Availability  is  represented  by  the  first  "A"  in  the  information  assurance  acronym, 
CIANA  (confidentiality,  integrity,  availability,  nonrepudiation,  and  authentication), 
which itemizes the major factors in computer security. It refers to timely, reliable access to
data  and  services  for  authorized  users  and  includes  the  restoration  of  services  after  an 
interruption.  Thus,  it  is  related  to  critical  infrastructure  protection  (CIP). 

2)  In  weapon  systems,  availability  refers  to  the  percentage  of  time  that  a  system  is 
usable  by  operators  (uptime  and  downtime).  There  are  basically  two  types  of  availability, 
operational and inherent. They are frequently confused. Operational availability (Ao) is a
function of the mean logistics delay time (MLDT), the mean time to repair (MTTR), and
the mean time between failures (MTBF). These may be modified when faults (noncritical
losses in abilities) are differentiated from critical mission failures. Since Ao depends on
factors outside the control of system developers (i.e., MLDT), they attempt to optimize the
inherent availability (Ai) of the system. Ai is calculated the same way as Ao, but excludes
the MLDT (equates it to 1 or 100 percent).

After  President  Coolidge  issued  his  famous  "I  do  not  choose  to  run"  statement,  he  was 
besieged  by  reporters  seeking  a  more  detailed  statement.  One  more  persistent  than  his 
fellows  followed  Mr.  Coolidge  to  the  door  of  his  library.  "Exactly  why  don't  you  want  to  be 
President again, Mr. Coolidge?" he asked. Coolidge turned and looked him squarely in the
eye, "Because," he answered, "there's no chance for advancement." (Quoted by Jacob
Braude in New Treasury of Stories for Every Speaking and Writing Occasion, Prentice Hall, Inc.,
Englewood Cliffs, NJ, June 1961, p. 17.)

A-11 (Preparation and Submission of Annual Budget Estimates)— see Clinger-Cohen Act

OMB Circular A-11, part 3, states that "the capital programming process is useful for
all long-term investments in capital assets. Full analysis and management should be
applied to capital assets (including major modifications or enhancements for existing
systems) that meet the criteria for a major acquisition." "Major acquisitions are capital
assets that require special management attention because of their importance to the
agency mission; high development, operation, or maintenance costs; high risk; high
return; or their significant role in the administration of agency programs, finances,
property, or other resources." Capital assets are "land, structures, equipment, and
intellectual property (including software) used by the federal government and have an
estimated useful life of two years or more." "The cost of a capital asset is its full life-cycle
costs, including all direct and indirect costs for planning, procurement, operations and
maintenance, including service contracts, and disposal." OMB's Capital Planning Guide is
part of A-11. It describes the "capital planning cycle" in detail, including the Department
of Defense's planning and programming phases of the planning, programming, and
budgeting system (PPBS). "Even though IT grows cheaper each year, we spend more on it
each year" and, according to Fortune magazine, "as of 1992, most of the capital investing
being done in the United States is for IT" (IRMC New World of the CIO Course). See part
3, July 1997: httpiZ/wwww^^ / omb/ circulars/all /cpgtoc.html.

Any forecast is useful ... providing the forecaster does not believe it. (George Steiner,
Top Management Planning, 1969, New York, MacMillan & Co., p. 223.)

A-76,  August  4, 1983,  Performance  of  Commercial  Activities  see  Defense  Reform  Initiative 

Circular  A-76  Outsourcing  states  the  national  policy  that  the  government  shall  not 
compete  with  its  citizens,  so  the  government  should  rely  on  commercial  sources  for  its 
needs.  Outsourcing  involves  a  competition  between  public  and  private  sector  entities. 
While  contracting  out  involves  hiring  a  private  sector  organization  to  do  work  for  the 
government,  outsourcing  could  be  to  another  government  activity  or  agency.  For 
example,  the  Department  of  Agriculture  had  a  software  activity  that  bid  and  won 
Department of Defense (DoD) software development efforts. With both contracting out

and  outsourcing,  DoD  retains  financial  and  managerial  ^  e 

privatization,  these  are  shifted  to  the  private  sector  along  with  the  effort.  The  U.S.  Post 
Office  and  Conrail  are  examples  of  privatization.  A-76  addresses  outsourcing  vers 

revised in March 1996, explains how to conduct an
A-76 study. It provides examples of commercial activities that can be performed by
private industry. Most IT activities are included. But it does not assume that such
activities should be performed outside the government. Rather, a solicitation is used to
obtain the lowest cost to the government. Bidders can be from private industry or from
government agencies (including other than the incumbent activity or

three choices are: incumbent, contract, and interservice support agreements (ISSA) with
another government activity. The incumbent's costs are based on a most efficient
organization (MEO). Thus, the incumbent can reorganize into a MEO to be more
competitive. If the incumbent wins the competition, it must become the MEO even if this
requires a reduction in force (RIF), reorganization, etc. The MEO must be realistic to be
considered. Thus, costs are reduced even if the incumbent wins. During the 2000 A-76
DoD competitions between 1978 and 1994, the MEO reengineering process resulted in
SO¬BS percent reductions in government employees and 22-35 percent reductions in annual
costs. Historically, private/public sector wins have been about even. In-house cost
estimates are based upon: personnel; overhead/indirect; materials and supply;
depreciation and cost of capital and rent; operation, maintenance and repair; utilities,
travel, and insurance; MEO subcontracts; and other costs. Personnel costs include fringe
benefits (leave, training, etc.) as well as salary. They are calculated in terms of full time
equivalents, or FTEs (normalizing efforts by a standard number of work hours
per employee). However, the incumbent gets a 10 percent discriminator differential to
cover learning curve losses from switching to someone else. A winning bid must thus
reduce costs more than 10 percent of the incumbent's personnel-related costs (or $10
million over the period of performance). The incumbent also doesn't pay taxes or
dividends (show a profit to stockholders). The private sector considers this unfair, but
courts have upheld it as a normal incumbent competitive advantage.

A "Freedom from Government Competition Act" bill failed to pass Congress in
and 1997. In 1997 the FAA awarded a $250 million contract to the Department of
Agriculture for data processing services. Further bills were proposed in 19

Activities Inventory Reform Act S314) to promote outsourcing. The latter, FAIR, became
law and gave requires all federal agencies to implement A-76. It supported the DRI and
accentuated core government functions. DoD outsourcing goals for Fiscal Year 2000-2005
cover competition for 220,000 positions (IRMC New World of the CIO Course). See "The U S

1999Wnhr7/?‘  c  f°c  Environmental  Detachments"  (August  5, 

J  -  P  //DO»nfo.library.unt.edu/npr/  librarv/announr/nav.sp,r  html  (IRMC 

Leadership for the 21st Century Course). Franchising occurs when a government activity
markets its services to other government activities on a "fee-for-service" basis. A-76 policy

performance of a government-operated commercial
activity is permissible, a comparison of the costs of contracting versus in-house
performance shall be conducted to determine who will do the work."

Past performance of A-76 indicates a 20-percent in-house average savings and 40-
average savings in 2,138 competitions for 81,990 FTEs from 1978 to

vipIdpH^r ^ 48 percent government and 52 percent contractor and

yielded 31 percent savings ($1.47 billion). Examples of commercial activities include:
automated data processing services (programming, systems analysis, systems
engineering/installation, equipment installation/operation/maintenance) and

(managing IT systems/products/distribution, managing
communications systems, and materials management) (IRMC Advanced Software
Acquisition Management Course).

/ gm4nfo.Iibrarv.unt.edii/npr/librai-v/gao/g^97n4H  pHf 
It is a characteristic of primitive thinking to personalize social problems. (Hans J

A-130 (Management of Federal Information Resources), 2/S/9<^-see Federal Managers
omrp^l  hMpiZ/iminMbrar^^  r  ® 

Office  of  Management  and  Budget  (OMB)  Circular  that  vests  accountability  for  IT 
ZkmZ ” management. It requires the Defense Information Systems Agency

a  h?nefT  “  "ecessary  throughout  the  information  system  life  cycle 

a benefit-cost analysis for each information system ... that relies on systematic measures
of mission performance including the: (a) effectiveness of program delivery; [and] (b)

Sr  W8  °n  Planning  Guidance  for  Fiscal 

1998,  p.  G-3)  (IRMC  Measuring  Results  of  Organizational  Performance  Course)  It 

103°”^"^ Computer Security Act requirements (IRMC Assuring the Information
Infrastructure Course). A-130 requires that agencies consider risk when determining the
need for and selecting computer-related control techniques. A-130 should cover each
general support system and each major application. Topics required by A-130 include:
rules of the system or application, training, personnel controls and security, incident
response capability, continuity of support and contingency planning, technical security
and controls, system interconnectivity and information sharing, and public access
controls. A-130 requires agencies to review information system security once every three
years prior to system accreditation; FIPS Pub 102, Guideline for Computer Security and
Accreditation, provides additional guidance (IRMC Developing Enterprise Security
Strategies, Guidelines, and Policies Course).

If  a  man  take  no  thought  about  what  is  distant,  he  will  find  sorrow  near  at  hand. 

(George  Steiner,  Top  Management  Planning,  MacMillan  &  Co.,  New  York,  1969,  p.  203.) 

Balanced Scorecard http://www.balancedscorecard.org; /default.html (Balanced
Scorecard Institute)

A model for organizations to create a vision and strategy that balances the needs of
various types of stakeholders and measures progress against objectives created to satisfy
those needs. It was devised by Robert S. Kaplan and David P. Norton and promulgated in
"Using the Balanced Scorecard as a Strategic Management System," Harvard Business
Review (1996, January-February, pp. 75-85). The model includes financial, customer,
internal business process, and learning and growth as dimensions of enterprise success.
Questions asked include: "To succeed financially, how should we appear to our
shareholders? To achieve our vision, how should we appear to our customers? To achieve
our vision, how will we sustain our ability to change and improve? To satisfy
shareholders and customers, what business processes must we excel at?" The balanced
scorecard presents a more complete picture of an enterprise and what makes it a success
(IRMC Leadership for the 21st Century Course). See Procurement Executives' Association
Guide to a Balanced Scorecard Management Methodology (December 1998) and Kaplan and
Norton's The Balanced Scorecard: Translating Strategy into Action (Harvard Business School
Press, Boston, 1996). Department of Commerce Guide: http://oamweb.osec.doc.gov/bsc/.
The Naval Undersea Warfare Center, Newport, constructed their Balanced
Scorecard with the following perspectives.

[Figure: Balanced Scorecard perspectives, Naval Undersea Warfare Center, Division Newport; surviving labels: Financial, Customer]

fGAO/MMn  Performance  and  Demonstrating  Results  of  IT  Investments 

T  ;  i'  exposure  draft  September  1997)  for  suggested  specific  measures  for 

projects balanced scorecards. The General Service Administration's Performance-Based
Management:  Eight  Steps  to  Develop  and  Use  IT  Performance  Measures  Effectively 
ym;/  / www.itpolicv.gsa.gov  /  mkm  /  pa  thwa vs  /p. h h.  states  (p.  47)  that  the 

nhW^"^  following  characteristics  for  IT  projects:  translates  business 

objectives into performance measures, serves as a portfolio of measures that are
interrelated, provides a comprehensive view of the entire IT function, allows a project

DrX^  operational  measures  to  be  used,  assesses  multiple 

projects  and  modules,  and  facilitates  integration  and  alignment  of  projects  to  common 

pSZc?''  H  °  Scorecard-Measures  that  Drive 

Performance,  Harvard  Business  Review,  (1992,  January-February)  and  "Putting  the 
Balanced Scorecard to Work" Harvard Business Review, (1993, September-October) (IRMC
Measuring Results of Organizational Performance Course). Government balanced
scorecard: mission (accomplishment, impact/results, sponsor satisfaction), users and
direct customers (satisfaction, relationship, demand), internal (quality, efficiency,
innovation), enablers (competency, technology, climate), and financial (budget, spending,
ROI) (IRMC Advanced Software Acquisition Management Course).


From  Gary  Hacker's  HR  Metrics  News  consolidated  from  Issues  1-5  (OPM): 


FAA's Office of Human Resources Management: Using a Balanced Scorecard to
Translate Human Resources Vision into Action: http:  /  / unpanl .un.org / intradocZ
arnnp<;/pnh1ir  /donnuentr/aspa/unoan(mmp±^ May 2002. FAA presentation to the
Balanced Scorecard Interest Group.


IRS  Balanced  Measures  and  Performance  Measurement:  http:/ /www.opm.gQv/ 
rnmpronf/po^tronffll/balance/dcrMieLhtal April 2002. IRS presentation at OPM's
Strategic  Compensation  Conference  2001. 


Naval  Undersea  Warfare  Center  Balanced  Performance  Measures: 
http~  /  /w\vvv.nuwr.navv.mil/hq/ strategy  / strategicplan/ page^.html  [une —  ■ 

important feature of our Strategic Plan is the establishment of a set of balanced
performance measurements that allow us to assess our progress towards achieving our
strategic goals."

U.S. Department of Commerce Acquisition Community - Balanced Scorecard:
/  /'nnmwph  osec.doc.gov/bsc April 2002. Contains information and links related to
acquisition performance measures.

Veterans  Benefits  Administration  Balanced  Scorecard:  http://www.opm.govZ 
rnmpronf /po^^tronfOl  /balance /dbralev.htm  April  2002.  VBA  Balanced  scorecard 
presentation  at  OPM's  Strategic  Compensation  Conference  2001. 

Our  Balanced  Scorecard  (University  of  California — Berkeley;  Business  and 

Administrative  Services):  httpiZZbMrberMeyreduZMancedS^^  _ 

December 2001. Overview of BSC used by USC-Berkeley's Business and Administrative
Services. 

Balanced  Scorecard— Overall  Priorities  FY  2002  (Washington  State,  Department  of 
Personnel)  http:  /  /hr.dop.wa.gov/geninfo/dop  bsc.htm  December  2001.  Department  of 
Personnel's  overall  balanced  scorecard  priorities  for  FY  2002. 


U.S.  Mint  Balanced  Scorecard:  httpZZappMiprrLgm^^^ 
r1ppiring.rfm?id=24 March 2002. "By surveying its customers and using the data to set
goals and improve its performance, the Mint dramatically improved its customer
service."

Balanced Scorecard Interest Group: http://www.aspanet.org/bscorecard December
2001. This group of federal agency participants convenes monthly to learn from each

c managing agency operations through the use of a
Balanced Scorecard approach. It creates an opportunity for those who have not made up
their minds as to whether this is a useful approach to come and learn, and for those that

balanced scorecard approach to exchange experiences and lessons learned.

Balanced Scorecard Institute: httpiZ/wn^l^^ December 2001.
The Balanced Scorecard Institute is an independent, nonprofit source of information
about applications of the balanced scorecard approach to management in government
and other nonprofit organizations.

Balanced Scorecard in the Federal Government by James B Whittaker-

02. One of the most successful of these approaches has been the "Balanced
Scorecard"—a new corporate favorite—adapted specifically for implementation in the
Federal Government. Describes how your Federal colleagues are achieving operational
excellence and enhancing organizational performance using this successful approach.

And  '"r  Terentius Afer, c.190-159 B.C., Andria [The Lady of Andros] 1.61 from
Familiar Quotations by John Bartlett, Little, Brown & Co., Boston, 1968, p.

Bandwidth (BW)

The difference between the highest and lowest frequency (frequency range) for data
transmission. Bandwidth provides an indication of the speed of transmissions,

the larger the bandwidth, the more information can be sent in any given period of time

jTed^fj  J inversely proportional to the wavelength. Their product equals the
speed of light in vacuum.

Not by age but by capacity is wisdom acquired. (Titus Maccius Plautus, 254-184 B.C.,
Little, Brown & Co., Boston, 1968, p. 105b.)

BaseLine  (B/L)— see  Benchmarking  and  Target/Threshold 

A  reference  standard  involving  the  identical  measurements  obtained  on  the  same 
group  of  cases  at  some  time  earlier.  Baseline  studies  attempt  to  show  that  an  intervention 
produced a gain in organizational performance by comparing a measure of performance
after some action is taken to a measure of performance before the action. The intervention
is usually considered successful if the "after" metrics exceed the "before" or baseline
metrics by a statistically significant amount (under the same conditions) (IRMC
Measuring Results of Organizational Performance Course). In program management

projects have different baselines (e.g., allocated and product) at different phases of the
project or program.

Getting out of the box and looking back. (Major General David Richwine, USMC,
ASN[RDA], April 15, 1994.)

Base Realignment and Closure Act (BRAC) of 1993, 1995, ...

Laws that consolidated Department of Defense (DoD) bases/activities and relocated
DoD personnel. Several rounds of BRAC were conducted in response to the fall of the
Soviet Union in order to downsize DoD and reduce the budget. A number of bases were
closed and others were relocated. The Space and Naval Warfare Systems Command
(SPAWAR) was relocated from Crystal City (Arlington, VA) to San Diego, CA ("old
town" campus). Only 30 percent of its employees relocated with the Command. The other
70 percent retired, transferred to other government positions, or left the government.
Many localities were financially and economically affected by BRAC but it did reduce
infrastructure and funding for DoD. The Naval Air Systems Command (NAVAIR) was
relocated to Patuxent River, MD; the Naval Sea Systems Command was relocated to the
Washington Navy Yard; the Naval Supply Systems Command was relocated to
Mechanicsburg, PA. Virtually the entire Navy program management complex in Crystal
City was relocated elsewhere, though a few small offices and liaison personnel remain in
the area. Nonetheless, due to budgetary pressure and aging platforms (especially expensive
ships at sea), DoD has sought to continue BRAC rounds, but Congress (due to economic
and political considerations) has declined. BRAC has sometimes been cited as an
environmental condition conducive to or motivating organizations to implement KM due
to the loss of knowledge-rich employees who do not relocate with their organizations.

Recently,  economic  realities  have  forced  many  organizations  to  reduce  the  number  of 
employees  ...  Interestingly,  streamlined  units  often  become  more  responsive  to  the  public 
they  serve;  and,  frequently,  a  certain  amount  of  decentralization  of  power  occurs  (Murray 
Stein and John Hollwitz, Psyche at Work, Workplace Applications of Jungian Analytical
Psychology,  Chiron  Publications,  Wilmette,  IL,  1992,  p.  47.) 


Basic Service Set (BSS)

Subsystems in a wireless local area network (LAN) architecture including an access
point (connected to the LAN distribution system) and a set of workstations. An extended
service set (ESS) can include several BSSs and/or BSSs and individual workstations (with
their own access points).

You  never  know  till  you  try  to  reach  them  how  accessible  men  are;  but  you  must 
approach each man by the right door. (Henry Ward Beecher, Proverbs from Plymouth Pulpit,
1887, from The International Thesaurus of Quotations, Rhoda Thomas Tripp, Ed., Harper &
Row, New York, 1970, p. 954, entry 955, No. 1.)


Behaviorally Anchored Rating (BAR) Scale

A scale used in rating forms in which alternatives are listed as sample behaviors that
are developed systematically so that they form an ordered scale from low to high in
usually seven steps (IRMC Measuring Results of Organizational Performance Course).

One  day  when  Booker  T.  Washington,  the  famous  Negro  educator  was  in  haste  to  catch 
a  train,  he  hurried  to  a  horse-stand  and  asked  the  driver  of  a  cab  to  take  him  to  the  station. 

"No,"  replied  the  driver.  "I've  never  driven  a  black  man,  and  I  never  will.  All  right. 
driv^nc  "  I'il  <^0  tl-ie

?!4  K^I  cabby  did  as  he  was  bidden,  and  Washington  caught  his  train 

(Quoted by Jacob Braude in New Treasury of Stories for Every Speaking and Writing Occasion,
Englewood Cliffs, NJ, Prentice Hall Inc., June 1961, p. 339.)

Benchmarking— see Baseline, Performance Measurement, and Target/Threshold

The process whereby an existing action, product, or service becomes the reference
point (yardstick) against which similar actions, products, or services are measured; use of
an industry or government standard. Benchmarks are one of several methods used to
evaluate performance and to implement metrics. The DON CIO's Metrics Guide is
included in both the KCO and COP CDs (Toolkits).

The continuous process of measuring products, services, and practices against the
toughest competitors or those companies recognized as industry leaders. To be

tr  rTf  ^  particular proportion

of the benchmark for a comparable or exemplary organization using the same
measurement. See Greg Hackett's "Benchmarking Your Planning and Reporting

aiu  S';P‘™>»='-0<:tober  1998, pp. 45-16); Christopher Bogan
and Michael English's Benchmarking for Best Practices: Winning through Innovative
Adaptation (McGraw-Hill, New York, 1996, ISBN 0-07-006375-3); and Robert Camp's
Benchmarking: The Search for Industry Best Practices that Lead to Superior Performance (Quality
Resources, New York, 1989, ISBN 0-87389-058-2); and others Balancing Measures:

ZZn^‘trTr  r”'  P-tnersWp  for  Reinventing  Government, 

August  1999,  ilLtp./ / Sovinto.library  unt.edu /npr/librarv/n,inprQ/bhcrrd  / 

SmS)”"'*"'"’'  «-^2)  (IRMC  Measuring  Results  of  Organizational  Performance 

woi,lHT''a  u  ^  "lu  he  could  do  it  so  well  that  no  one  at  all 

would find fault with what he has done. (Cardinal Newman, quoted by Jacob Braude in
New Treasury of Stories for Every Speaking and Writing Occasion, Englewood Cliffs, NJ,
Prentice Hall Inc., June 1961, p. 274.)


Benchmarking  and  Quality  Puhlimti mis  in  vaa 

Benchmarking Reports in KM:  Mmh^-ww.benchniarkincYrppnrr.  cr.pn  /
toovvledgemanagpTTipnf  ^ 

SECDEF  Quality  Management  Office:  http://qiialifv  di.n  mil  / 

U.S.  State  and  Local  Gateway:  http:  /  /  w ww.sta  teloca  I  .gov  /besfprar  h  tm  I 

Beowolf 

A Linux product enabling a person to create a virtual supercomputer from a large

It is no harder to build something great than to build something good. (Jim Collins,
Good to Great, Harper Business, New York, 2001, p. 205.)

Best Practices— see Benchmarking

Best  practices  are  those  generally  considered  to  be  superior  in  approach  and  results  to 
other  methods.  Such  practices  can  be  in  the  form  of  processes,  studies,  surveys,  or 
research.  They  may  represent  subject  matter  experts'  (SME)  experiences,  research  and 
industry  knowledge,  and  are  often  used  as  industry  benchmarks.  Best  Practices  often 
apply across many differing environments and organizations. They are, however, time
sensitive. Also, an organization's internal practices may exceed generally accepted best
practices.

Acquisition  Best  Practices:  http:  /  /www.arnet.^ov/Librai^^ 

Center for Army Lessons Learned: http://call.army.mil

DoD Installations Successful Practices Menu:
http://www.acq.osd.mil/installation/inst/ideas.html

Randolph Best Practices Clearinghouse:
http://www.afmia.randolph.af.mil/afmia/mip/afbp/index.htm

SPAWARKnowledgeCente^^ht^lZSLspai^^  SPAWAR  Knowledge 

Center 

DISA: http://quality.disa.mil/bpd/index.cfm.




People  who  "make  the  best  of  things"  seldom  try  to  make  them  any  better.  (Jacob 
Braude, New Treasury of Stories for Every Speaking and Writing Occasion, Prentice Hall, Inc.,
Englewood Cliffs, NJ, June 1961, p. 80.)

Beta Testing

Beta testing refers to the testing of a system or application by potential users. Alpha
testing is done by the developer prior to beta testing. Beta testing (as an addendum to
alpha testing) has the advantage of eliciting customer perspectives on the use of the item
being tested. Developers' ideas of how users will actually employ an application may not
be very accurate. To be successful, developers must obtain accurate feedback from beta
testers (users). The Navy and Defense Department have employed operational testing for
decades. After contractor testing (if the item is built under contract), government technical
personnel perform a TECHEVAL or technical evaluation of the item. This is another
phase of alpha testing. Following successful TECHEVAL, however, an independent
agency (e.g., OPTEVFOR, the operational test and evaluation force) tests and evaluates
the item (during OPEVAL or operational evaluation). This could be construed as a beta
test since actual operators (users) are generally employed in this testing—independent of
the developers. Official reports are then issued so developers and approval authorities
can review the effectiveness of the item against its requirements. Production approval
hinges upon a successful OPEVAL. Perhaps due to the diminished development and
deployment times for IT applications and systems, developers have tended to reduce
alpha testing and rely primarily upon beta testing to perform test, analyze, and fix
procedures. This places a heavier burden upon beta testers. It also tends to reduce overall
product quality after release. Thus, many minor upgrades, fixes, patches, and releases
may be necessary to alleviate the many problems discovered in a major release.
Purchasers may then be wary of major upgrades such as version 5.0 of something rather
than 5.3, which probably fixes some additional problems inherent in version or release


Beware  of  cooks  who  never  taste  their  own  food.  (Neal  Pollock,  1989.) 

Binary 

numbers using polarities only, that is, 1's and 0's or "on"
and "off." In the familiar decimal system, each "column" represents a power of 10. The 1's
column is actually 10^0, or 1. The second column is 10^1 = 10. The 3rd column is 10^2 = 100, etc.

fi'mtfriVhtarf’il  on  10),  the 

2, the next is 2^2 = 4, the next is 2^3 = 8, etc. Thus the comparison is as shown below.


Comparison of Binary, Octal, and Decimal Numbers

Binary   1  10  11  100  101  110  111  1000  1001  1010  1011  1100
Octal    1   2   3    4    5    6    7    10    11    12    13    14
Decimal  1   2   3    4    5    6    7     8     9    10    11    12


Binary numbers are used in computers, although they are not on/off, but are
measured by voltage: either 5 volts (or more) = 1; less than 5 volts = 0. Some newer
systems use 3 volts vice 5. Octal (based on eight) can easily be obtained from binary (since
power of 2, 8 = 2 x 2 x 2) by taking each 3 binary columns (starting at the right)

decimal 14 is represented as 1,110. Taking

the last 3 digits (110) and converting them to octal/decimal = 6. The fourth digit is a 1. So

for  ^brL"“amc  Ad  "'If  '‘^id  ‘hat  "Black  and  white  only  works 

for  compLjf^^  Advanced  Information  System  Acquisition  Course)  but  it  also  works 
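
The grouping procedure in the Binary entry, worked through in code as an added example that is not part of the encyclopedia. It generalizes the three-column octal case to four-column groups (hexadecimal); all function names are hypothetical.

```python
"""Binary-to-octal conversion by grouping columns from the right."""

DIGITS = "0123456789ABCDEF"


def group_bits(binary: str, width: int) -> list[str]:
    """Split a binary string into `width`-bit groups, starting at the right.

    Commas and spaces are accepted as separators because the entry writes
    decimal 14 as "1,110". The leftmost group is zero-padded to full width.
    """
    bits = binary.replace(",", "").replace(" ", "")
    if not bits or any(b not in "01" for b in bits):
        raise ValueError(f"not a binary number: {binary!r}")
    bits = bits.lstrip("0") or "0"
    # Pad on the left so the length is a multiple of the group width.
    padded_len = -(-len(bits) // width) * width
    bits = bits.zfill(padded_len)
    return [bits[i:i + width] for i in range(0, len(bits), width)]


def group_value(group: str) -> int:
    """Value of one group: each column is a power of 2, the rightmost is 2^0."""
    return sum(2 ** power
               for power, bit in enumerate(reversed(group)) if bit == "1")


def regroup(binary: str, width: int) -> str:
    """Convert binary to base 2**width (3 -> octal, 4 -> hexadecimal)."""
    if not 1 <= width <= 4:
        raise ValueError("width must be 1..4 for single-character digits")
    return "".join(DIGITS[group_value(g)] for g in group_bits(binary, width))


def binary_to_octal(binary: str) -> str:
    """The entry's case: take each 3 binary columns, starting at the right."""
    return regroup(binary, 3)


def comparison_row(n: int) -> tuple[str, str, int]:
    """Binary, octal and decimal forms of one non-negative integer."""
    binary, value = "", n
    while value:
        binary = str(value % 2) + binary   # repeated division by 2
        value //= 2
    binary = binary or "0"
    return binary, binary_to_octal(binary), n


if __name__ == "__main__":
    # The entry's worked case: decimal 14 is binary 1,110.
    print(group_bits("1,110", 3), "->", binary_to_octal("1,110"))
    for n in range(1, 13):
        print(*comparison_row(n))
```
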

A young lad was sent to school. He began his lessons with the other children and the
first lesson the teacher set him was the straight line, the figure "one." But whereas the others

the'tearh^'^”^'^^*^^^'  continued  writing  the  same  figure.  After  two  or  three  days 

til'll  finished  your  lesson?"  He  said,  "No  I’m 

Sr/  if  Tw  ■  of  the  week  the 

a  finished  it."  The  teacher  thought  he  was  an  idiot 

SntinuS  Sr  home  the  child 

continued  with  the  same  exercise  and  the  parents  also  became  tired  and  disgusted  He 

SSr  Zh  "  “‘her  children  are  going  on 

SSh  TSk  “P  you  do  not  show  any  progress;  we  are  tired  f f  you  " 

displeased  his  parents  too  he  had  better 
he  rr  H  u"^°  wilderness  and  lived  on  fruits  and  nuts.  After  a  long  time 

leam^dSte  Sr  Sl/li  him,  "1  think  fhave 

1  ^  And  when  he  made  his  sign  the  wall 

Khan, The Sufi Message of Hazrat Inayat Khan, quoted by Ram
Dass, Journey of Awakening, Bantam, New York, 1978, p. 197.)

Biometrics 

inrl,V-?^rS  authenticate  or  identify  an  individual  based  upon  mat 

f  characteristics,  physical  or  behavioral.  The  most  common  biometric 

method is fingerprints. Formerly, such methods were too costly, but technology has
lowered the costs to the $100 range per unit. Also, large purchases (e.g., the Navy/Marine
Corps Intranet) provide an opportunity to drastically lower unit costs through quantity
buying. Privacy issues of recording fingerprints have been defused because less than the
entire print is needed for authentication purposes. These devices can include heat
detectors to eliminate malicious attempts to circumvent the system (e.g., transferred
prints). Biometric data can be embedded cryptographically onto a CAC (smart card).

Other  types  of  biometrics  include  iris  or  retina  readers,  palm  readers,  and  algorithms  that 
analyze  the  way  an  individual  types.  While  there  are  error  rates  with  these  devices,  their 
accuracy  tends  to  be  quite  high.  Furthermore,  they  can  replace  the  use  of  passwords  that 
are  inherently  limited.  As  passwords  become  more  effective  (more  digits,  more  complex 
composition— special  characters,  case  sensitive,  numbers),  people  tend  to  write  them 
down so as not to forget them— completely defeating their value. Biometrics can eliminate
this difficulty.


Human  after  all?  At  Leeds  University,  England,  problems  in  computer  circuitry  have 
been  traced  to  the  buildup  of  static  electricity  in  nylon  underwear  worn  by  female  operators 
in too close proximity to the excitable machine. (Moneysworth, 1971, Vol. 2, No. 5, December
13,  New  York.) 


Blackberry

A handheld device made by RIM (Research In Motion) that competes with another
popular handheld, the Palm, and is marketed primarily for its wireless e-mail handling
capability. Through partners, Blackberry also provides access to other Internet services.
Like the Palm, Blackberry is also a personal digital assistant (PDA) that can include
software for maintaining a built-in address book and personal schedule. In addition, it can
be configured for use as a pager (Glossary of IM/IT & KM Terms). Blackberries can be
configured for individual computers so that the computer user is logged on. This is a
definite security risk to the network since users should be logged off when not on site.
Rather, Blackberries should be configured to connect to the network server through the
firewall to protect the system (IRMC Managing Networked Security in a Networked
Environment Course).

Everything that can be invented has been invented. (Charles H. Duell, Commissioner,
U.S. Office of Patents, 1899. [received by author via Internet e-mail. This quotation is listed
by Christopher Cerf and Victor Navasky in The Experts Speak, Villard, NY, 1984, p. 225, but
they state that The Institute of Expertology is investigating whether this is a true quote or
not — see Urban Legends below].)


Blue Tooth

A  method  of  short-range  radio  allowing  communications  among  network  devices.  Its 

frequency  range,  however,  overlaps  with  microwave  ovens,  so  interference  can  occur 
(interference  is  much  less  if  devices  are  kept  a  minimum  of  ten  feet  apart).  They  can  also 
interfere with a network based upon its own radio-based network. Radio frequency (RF)
use for network connections is also a distinct security risk. Hackers, for instance, practice
"war driving" in which they drive around in cars with receivers in them attuned to blue
tooth frequencies so they can discover where RF is being used. Then they can eavesdrop
on the network or otherwise affect its operations. With its added security functions,
however, blue tooth is more resistant to tapping than is Home RF. RF network systems
are  susceptible  to  disruption  and  denial  of  service  attacks  from  inside  and  outside.  The 
^  u  ^  maintained  by  the  blue-tooth  special  interest  group  (SIG)  which  is 

supported  by  3Com,  Ericsson,  IBM,  Intel,  Lucent,  Microsoft,  Motorola,  Nokia,  Toshiba 
and  more  than  2,000  adopter  and  associate  companies.  Some  futurists  have  hypothesized 
household appliances (e.g., refrigerators) will someday be equipped with
blue-tooth chips. Blue tooth is low power, low cost, short range, and low bandwidth. To
increase security and resistance to interference, blue tooth uses frequency hopping,
several different security modes, authentication via hardware addresses, and adaptive
transmission power. It is optimized for short range and uses 128-bit encryption (IRMC
Managing Networked Security in a Networked Environment Course).


(Thomas Alva Edison, quoted by Christopher
Cerf and Victor Navasky in The Experts Speak, Villard, NY, 1984, p. 228.)


Boot 


computer.  The  term  comes  from  bootstrap  (to  pull  yourself  up  by  your 

alloSi'Io ‘|™h  ^  computers  that 

allows them to load their operating systems and begin operation. Cold boots (or cold

™  complete  power  up  of  the  machine.  Warm  boots  are  resets 

"starch  u'  ^  computer  that  is  already  powered  up.  After  hitting  the  Microsoft  Windows 
start  button  and  selecting  "shut  down,"  a  window  appears  providing  a  selection  of 

Sta^t™* "restart"  which  provides  a  shut  down  followed  by  a  warm 

nl  5  "“^cisen,  then  the  compute  will  be 

powered  down.  The  user  must  then  cold  start  or  cold  boot  the  computer  for  it  to  operate. 

rest  rfl'eX'Tpostr)'''"'  ’’“PP'" 

Brain  Drain 

As predicted in the Hudson Commission's Report, Workforce 2000, the federal work
force is losing its long-time employees and their inherent tacit knowledge. Little has been
done so far to capture this knowledge. The Naval Facilities Engineering Command, for
instance, estimates that 31 percent of its workforce will be eligible to retire in the next 5
years. Recent Base Realignment and Closure Act relocations have also resulted in a
significant loss of corporate knowledge (for instance, when the Space and Naval Warfare
Systems Command was moved from Arlington, VA, to San Diego, CA, only 30 percent of
its workforce relocated with the Command). SPAWAR was able, however, to hire new
workers, although it needed to train them. The Hudson Report, however, indicated that

knowledge^le  worker  needs-even  with  a  predicted  increase  in  women  in  the 

nl'nY  expanded  the  visa  program  for  certain  foreign  workers 

Despite initial efforts to capture and transfer tacit knowledge, there is a continual brain
drain in the government. It has been proposed that means be created to allow knowledge
workers to tap the tacit knowledge of personnel retired from the federal government. The
story, for instance, is told of the government worker who retired to Florida. When a
legacy system broke and the agency could not fix it, they contacted this worker and
strongly urged him to return for a short visit and fix the critical system. He reluctantly did
so, buying a $1 part in a local store to do it. Then, he sent in a bill for $50,000. The financial
manager insisted that he itemize the bill, so he sent in an itemized bill: "part = $1,
knowing where to put it = $49,999, total = $50,000." They paid him.


The sage keeps his wisdom to himself while ordinary men flaunt their knowledge in
loud discussion. So I say, "Those who dispute do not see." (Chuang Tsu, Inner Chapters,
Gia-fu Feng and Jane English, trans., Vintage Books/Random House, New York, 1974, p. 37.)


Bricks and Mortar

Traditional business with a physical location and employees as distinct from dot-com,
"click and order," Web-based businesses with few employees and a small physical
location. Many brick and mortar businesses also have Web sites for customer purchasing
as well, sometimes called "clicks and mortar" (or "brick and click"). Indeed, many Web
sites merely feed into more traditional ordering and distribution systems invisible to
customers. Brick and mortar sites require considerable investment in infrastructure, tend
to be labor intensive, and have inventory and tax challenges. Nevertheless, they satisfy
customer desires to experience products prior to purchase as well as browsing and
impulse buying. It was once predicted, after typewriters were invented, that pencils
would disappear. The same was predicted of brick and mortar businesses. KM, however,
attempts to amalgamate social and psychological factors with technical ones to achieve
more balanced (and more accurate) results. Such principles are applicable to electronic
commerce.

It  is  generally  better  for  people  to  arrive  at  truth  through  what  they  take  to  be  their  own 
volition.  (Idries  Shah,  Caravan  of  Dreams,  Octagon  Press,  London,  1968/1991,  p.  127.) 


Browser

Short for Web browser, a software application used to locate and display Web pages.
The two most popular browsers are Netscape Navigator and Microsoft Internet Explorer
(Glossary of IM/IT & KM Terms).

People  who  mind  their  own  business  die  of  boredom  at  30.  (Robertson  Davies,  A 
Mixture  of  Frailties,  Everest  House,  New  York,  1979,  p.  22.) 


Bug

A computer bug is an error or flaw in a software application. Bugs cause many types
of errors including computer crashes. Bugs in browsers make computer networks
vulnerable to hacking. For instance, early versions of JavaScript in Netscape Navigator 2.0
allowed a malicious applet to connect to any Internet host, potentially allowing attacks on
computers behind firewalls. Another flaw allowed a hacker to have information
automatically forwarded to him or her by e-mail from attacked sites.

exorcists remind us, to know the name of a demon is to have power over
Douglas Gillette, The Warrior Within, William Morris & Co., New York, 1992, p. 169.)

500 new bug fixes free each month: http://www.bugnet.com/

Burn-In — see Learning Curve

A process for raising the reliability of a set of parts or other process input or product.
Parts used in electronic equipment often have their lifetime specified with a mean time
between failure (MTBF, reliability) or failure rate. However, these numbers are statistical
averages and the standard deviation (or range of actual values) can be quite high. It was
discovered that the actually observed MTBF for new parts was far lower than for older
(already in use) parts. Thus, it is standard procedure to burn in new parts for some
specified time (i.e., have them powered up and running) so that the worst parts would
burn out during the burn-in period. Parts that survive burn-in have greatly increased
reliability on average. The concept of burn-in can also be extended to software, since
much shrink-wrapped software still contains many bugs. Contractor off-the-shelf software
developers may rely upon beta testing to remove bugs, but this does not compensate
sufficiently for designing in reliability and proper, formal alpha testing. Initial users find
many errors that the developer supposedly fixes in later releases (versions). In addition,
the concept can be extended to personnel—though it is usually referred to as the learning
curve in this domain. Similarly, burnout is also applied to personnel (also known as
liveware or wetware).
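
The effect described in the Burn-In entry can be reproduced with a small model. This is an added example, not part of the encyclopedia; the two sub-populations, their MTBF figures, and the exponential-lifetime assumption are constructed for illustration.

```python
"""Burn-in modelled on a mixed lot of parts (constructed numbers).

Assumption: each part belongs to a sub-population with a constant failure
rate, so its lifetime is exponential with that sub-population's MTBF.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class SubPopulation:
    share: float       # fraction of the lot in this sub-population
    mtbf_hours: float  # mean time between failures for these parts


def _check(lot):
    if not lot or abs(sum(p.share for p in lot) - 1.0) > 1e-9:
        raise ValueError("shares must sum to 1")
    if any(p.share < 0 or p.mtbf_hours <= 0 for p in lot):
        raise ValueError("shares must be >= 0 and MTBF must be > 0")


def surviving_fraction(lot, hours):
    """Fraction of the delivered lot still running after `hours` powered up."""
    _check(lot)
    if hours < 0:
        raise ValueError("hours must be >= 0")
    return sum(p.share * math.exp(-hours / p.mtbf_hours) for p in lot)


def survivors(lot, hours):
    """Composition of the lot among parts that survived `hours` of burn-in."""
    total = surviving_fraction(lot, hours)
    return [
        SubPopulation(p.share * math.exp(-hours / p.mtbf_hours) / total,
                      p.mtbf_hours)
        for p in lot
    ]


def observed_mtbf(lot, hours):
    """MTBF a user would observe for parts that have already run `hours`.

    It is the reciprocal of the lot's failure rate at that age: the
    share-weighted sum of each surviving sub-population's rate (1 / MTBF).
    """
    rate = sum(p.share / p.mtbf_hours for p in survivors(lot, hours))
    return 1.0 / rate


# Constructed lot: 10% weak parts (MTBF 50 h), 90% sound parts (MTBF 10,000 h).
LOT = [SubPopulation(0.10, 50.0), SubPopulation(0.90, 10_000.0)]

if __name__ == "__main__":
    for burn_in in (0, 100, 200, 500):
        lost = 1.0 - surviving_fraction(LOT, burn_in)
        weak = survivors(LOT, burn_in)[0].share
        print(f"burn-in {burn_in:>3} h: lost {lost:6.1%}, "
              f"weak share {weak:8.4%}, "
              f"observed MTBF {observed_mtbf(LOT, burn_in):8.0f} h")
```

Under these assumptions the lot's observed MTBF when new is dominated by the few weak parts, and most of the gain comes from the first hours of burn-in, at the price of the parts that burn out during it.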

I  look  up  high  to  see  only  the  light,  and  never  look  down  to  see  my  shadow.  This  is 
nIw  Ybrk^l949'^p"5Tr^  Gibran,  Tears  and  Lmighter,  Philosophical  Library, 

Business  Process  Reengineering  (BPR)-see  Legacy  and  Reengineering 

BPR constitutes the fundamental rethinking and redesign of business processes to
bring about dramatic improvements in critical, contemporary measures of performance
such as cost, quality, service, and speed (Glossary of IM/IT & KM Terms). The BPR
approach is diametrically opposed to total quality management or leadership. The latter
seeks to gradually improve a process through continual, small changes. BPR seeks to
entirely replace a process, virtually a paradigmatic change. The revolution in military
affairs is essentially an implementation of BPR. Due to preexisting rules, regulations,
procedures (and a huge multiplicity of stakeholders with different perspectives), it can be
quite difficult to perform BPR. However, Office of Management and Budget Circular A-76,
which orchestrates competition between government and industry for noncore
government functions, allows a period of time for the government facility to improve its
processes and procedures (setting aside many of the restrictions preventing such changes
in the past). Government agencies have won about half of these competitions, sometimes
due to successful introduction of BPR. BPR also has been cited as one method to
drastically reduce military operating costs so as to use the saved funds to replace aging
military equipment such as tanks, planes, and ships. BPR was made famous by Michael
Hammer and James Champy in Reengineering the Corporation. As has been pointed out
many times, BPR must be properly coupled with IT for the predicted major gains to be
realized. Naive implementers sometimes implement total quality management and call it
BPR or implement IT with little real BPR and then wonder why the gains were not
achieved. Further, implementation of BPR (as explicated in KM) relies upon an
amalgamation of social, psychological, and technical factors. All must be adequately
addressed for successful implementation. Thus, proper introduction of BPR depends
upon adequate use of the principles of change management.

See Reengineering Resource Center http://www.reengineering.com (IRMC
Advanced Information System Acquisition Course). Turbo BPR: (Defense Information
Systems Agency Performance Planning Guidance for Fiscal Year 1998, p. H-6), see Sharon
Caudle's "Reengineering: Avoiding Becoming Lost in Space (Reengineering of
Government Organizations)" (The Public Manager: the New Bureaucrat, 1998, Vol. 27, No. 1,
Spring, pp. 27-30); Balancing Measures: Best Practices in Performance Management (National
Partnership for Reinventing Government, 1999, August,
http://www.npr.gov/library/papers/bkgrd/balmeasure.html) (IRMC Measuring Results of
Organizational Performance Course). See William Ulrich's "Business Process Redesign and
the Legacy Systems Challenge" (Crosstalk, 1995, Vol. 8, No. 1, January) (IRMC Advanced
Software Acquisition Management Course); Information Technology: DLA Should Strengthen
Business Systems Modernization Architecture and Investment Activities (GAO-01-631,
http://www.gao.gov/new.items/d01631.pdf, June 29, 2001, 64 pp.).

When Thomas Jefferson presented his credentials as U.S. minister to France, the French
premier remarked, "I see that you have come to replace Benjamin Franklin." "I have come
to succeed him," corrected Jefferson. "No one can replace him." (Quoted by Jacob Braude in
New Treasury of Stories for Every Speaking and Writing Occasion, Prentice Hall, Inc.,
Englewood Cliffs, NJ, June 1961, p. 336.)


Business  to  Business  (B2B) 

B2B  refers  to  the  buying  and  selling  of  products  and  services  between  businesses 
rather  than  with  the  final  customer  (B2C).  Manufacturers  selling,  for  instance,  to 
wholesalers  would  be  an  instance  of  B2B.  Supply-side  economics  and  supplier 
relationship management are aspects of B2B interchanges. The term is usually used for
electronic  business  or  electronic  commerce. 

The incentive of business is to make a profit. But the objective of business is not to make
a profit but to serve a need. (James F. Lincoln quoted by Jacob Braude in New Treasury of
Stories  for  Every  Speaking  and  Writing  Occasion,  Prentice  Hall,  Inc.,  Englewood  Cliffs,  NJ,  June 
1961,  p.  57.) 

Business  to  Customer  (or  Consumer)  (B2C) 

B2C refers to the buying and selling of products and services between a business and a
customer or consumer. It refers to retailers selling to end users or purchasers as opposed
to  B2B  between  businesses.  Customer  relationship  management  is  an  aspect  of  B2C.  This 
term  is  usually  used  for  electronic  business  or  electronic  commerce.  Brick  and  mortar 
businesses  also  use  B2C  if  they  sell  on  the  Web  in  addition  to  their  traditional  sales; 
however,  the  B2C  aspect  of  their  business  would  be  considered  click  and  order. 
Nevertheless, many B2C sales are not fully automated — only the front end (Web site) is.
Thus, B2C is sometimes more of a total quality management process improvement rather
than  a  business  process  reengineering  effort,  which  would  imply  more  automation — 
replacing  the  entire  process  rather  than  one  small  part  of  it  (the  customer  interface).  Such 
an  implementation  could  be  considered  "paving  the  cow  paths."  The  overall  gains  from 
such  an  approach  are  more  virtual  than  actual.  Thus,  many  dot-coms  have  failed  since  the 
gains from IT were far less than anticipated (since they did not employ BPR) and could
not compensate for the limitations inherent in electronic sales (e.g., lack of psychological
factors available to customers who can touch/feel the merchandise prior to sale).


Everything  is  worth  what  its  purchaser  will  pay  for  it.  (Publilius  Syrus,  first  century 
B.C., Maxim 847, from Familiar Quotations by John Bartlett, Little, Brown & Co., Boston,
1968,  p.  127.) 


Buzzword  Compliant 

Text  that  reflects  the  current  politically  correct  (PC)  terminology.  Many  terms  used  in 
DoD  are  replaced  periodically  with  often  minor  or  subtle  changes  in  meaning  or 
application.  Examples  include  earned  value  management  (EVM)  replacing  the 
cost/schedule  control  systems  criteria  (C/SCSC),  approval  for  full  production  (AFP) 
replacing approval for service use (ASU), and innumerable others. Continuing personnel
turnover (including changes in Administration) dictates that current terms be used since
newer  participants  are  usually  unfamiliar  with  prior  terminologies. 

For  the  primitive  mind  the  thing  in  itself  is  posited  by  the  name.  (C.  G.  Jung,  The 
Structure  and  Dynamics  of  the  Psyche,  CW8,  Pantheon  Books,  New  York,  1960,  p.  379.) 

I find it most disadvantageous to let neologisms run riot in any science. The science
then becomes too specialized in an unjustifiable way and loses contact with the world. I
therefore prefer to use terms that are also current in other fields, at the risk of provoking
occasional misunderstandings. (C. G. Jung, Letters, Vol. 1, Bollingen Series 95, 1906-50,
Gerhard Adler and Aniela Jaffe, Eds., Princeton University Press, Princeton, NJ, 1953, p.

Cable Communications Policy Act (CCPA), 18 U.S.C. § 1030

Prohibits  cable  operators  from  using  systems  to  gather  personal  information  about 
subscribers without their consent; bars cable operators from disclosing data; requires
annual  notice  to  cable  subscribers  of  personal  data  collected;  has  civil  penalties  (IRMC 
Assuring  the  Information  Infrastructure  Course). 

He who spares the bad injures the good. (Publilius Syrus, in 3,500 Good Quotes for
Speakers,  Gerald  F.  Lieberman,  Ed.,  Doubleday,  Garden  City,  NY,  1983,  p.  129.) 

Cache Memory

Very fast random access memory used to temporarily store items that are frequently
reused so as to save time. Cache is especially useful for scientific research and technical
programming versus standard word processing type use.

If  you  cannot  say  what  you  have  to  say  in  20  minutes,  you  should  go  away  and  write  a 
book  about  it.  (Lord  Brabazon,  quoted  by  Jacob  Braude  in  New  Treasury  of  Stories  for  Every 
Speaking and Writing Occasion, Prentice Hall, Inc., Englewood Cliffs, NJ, June 1961, p. 320.)

Cache  Server 

A  server  relatively  close  to  Internet  users  and  typically  within  a  business  enterprise 
that  saves  (caches)  Web  pages,  and  possibly,  file  transfer  protocol  (FTP)  and  other  files 
that  many  users  have  requested  so  that  successive  requests  for  these  pages  or  files  can  be 
satisfied  by  the  cache  server  rather  than  requiring  the  use  of  the  Internet.  A  cache  server 
not  only  serves  its  users  by  getting  information  more  quickly  but  also  reduces  Internet 
traffic (Glossary of IM/IT & KM Terms).

While  we  stop  to  think,  we  often  miss  our  opportunity.  (Publilius  Syrus,  Maxim  185, 
from  Familiar  Quotations  by  John  Bartlett,  Little,  Brown  &  Co.,  Boston,  1968,  p.  125.) 

Capability  Maturity  Model  (CMM)— see  Software  (S/W) 

A  system  for  organizational  evaluation  that  is  based  on  the  idea  that  an  organization 
should  improve  its  management  processes  and  capabilities  as  it  gains  experience  and 
matures.  It  is  believed  that  organizations  can  progress  through  five  levels  of  maturity- 
initial, repeatable, defined, managed, and optimizing — with prominent characteristics at
each  plateau  (IRMC  Measuring  Results  of  Organizational  Performance  Course).  The 
FFRDC  Software  Engineering  Institute  (SEI)  of  Carnegie-Mellon  University  (CMU) 
developed  the  CMM  for  software  development  companies  and  later  added  additional 
scales for software management etc.

Capability Maturity Model (a)

Level | Focus | Key Process Areas (KPAs)
5. Optimizing | Continuous process improvement | Defect prevention; Technology change management; Process change management
4. Quantitatively Managed | Product and process quality | Quantitative project management; Organization process management; Product line management; Software quality management
3. Defined | Software acquisition processes and organizational support | Organization process focus; Organization process definition; Training program; Integrated software management; Software product engineering; Inter-group coordination; Peer reviews
2. Repeatable | Project management processes | Requirements management; Software project planning; Software project tracking and oversight; Software supplier management; Software quality assurance (QA); Software configuration management (CM)
1. Initial | Competent people and heroics | None

a. IRMC Advanced Software Acquisition Management Course.


See Tom Schorsch's "The Capability Im-Maturity Model (CIMM)" (Crosstalk, 1996,
Vol. 9, No. 11, November, pp. 27-30); Saiedian and Kuzara's "SEI CMM's Impact on
Contractors" (IEEE Computer, 1995, January, pp. 16-26, and reprinted in Don Reifer's
Software Management, 1997, pp. 65-75); and Mark Paulk's "A Detailed Comparison of ISO
9001 and the CMM" (Guidelines for Successful Acquisition and Management of Software
Intensive Systems, 1996, Vol. 2, June, Appendices, Department of the Air Force, STSC,
pp. I-1 to I-15) (IRMC Advanced Software Acquisition Management Course).

Idiot-proofing is also genius-proofing. (Dave Marinaccio, All I Really Need to Know I
Learned  from  Watching  Star  Trek,  Crown  Publishing,  New  York,  1994,  p.  94.) 

Capital  Planning  and  Investment— see  A-11  and  Portfolio  Management 

A  process  for  the  effective  selection,  management,  and  evaluation  of  IT  investments. 
The DON IM/IT Capital Planning Guide is a tool, developed by the Department of the
Navy Chief Information Officer (DON CIO) that outlines DON capital planning policies
and procedures, and provides a model to assist managers and decision makers with the
capital planning process (Glossary of IM/IT & KM Terms). This discipline is one of the 10
federal  CIO  competencies,  specified  by  the  Federal  CIO  Council  Executive  Board, 
included  in  the  IRMC's  curriculum  for  its  CIO  certificate.  The  Information  Technology 
Management  Reform  Act  makes  agency  heads  responsible  for  capital  planning, 
monitoring, and evaluating for their agencies (IRMC New World of the CIO Course).
Capital planning is not unique to IT but is an important feature of financial management.
It  is  included  in  many  MBA  programs.  Financial  management  is  also  addressed  in  the 
Defense  Acquisition  Workforce  Improvement  Act  (DAWIA)  under  its  "FIN"  (financial) 
competency  area. 

Proposed  IT  capital  investments  must  compete  with  other  capital  projects  for  the  same 
scarce  funds.  Projected  financial  returns  must  be  adjusted  to  include  risk.  Despite  the 
financial  planning  and  evaluation  of  capital  investments,  survival  of  an  organization  in  a 
competitive,  dynamic  environment  can  be  the  most  telling  reason  for  investing  in  IT.  Such 
nonfinancial  reasons  can  be  described  as  quantitative  (e.g.,  faster  cycle  time  or  service)  or 
qualitative  (increased  customer  satisfaction  or  employee  commitment).  It  can  be  difficult 
to  accurately  assign  dollar  values  to  such  criteria  in  the  government.  Following  selection 
of  IT  investments,  an  organization  must  implement  or  control  them  and  gather  metrics 
data  during  operations  so  that  they  can  later  be  evaluated.  Thus  metrics  methods  must  be 
created  and  installed  in  parallel  with  the  investment. 

Finally,  the  evaluation  of  prior  investments  should  become  part  of  the  process  of 
selecting  new  investments.  Each  investment  must  be  evaluated  as  to  its  contribution  to 
the  whole  enterprise.  The  best  individual  investment  may  not  be  the  optimal  choice  for  a 
particular  organization  at  a  particular  point  in  time.  The  best  decisions  create  the  best  IT 
portfolio. Management should also be flexible enough to modify projects to correct or
re-aim them over time.

Lessons learned (a la KM) should be collected and reflected upon, including the
efficacy of metrics methods and the capital planning and investment process itself. The
CIO must be part of this process. Per decision theory, the three factors important in
selecting and evaluating investments are value (projected/actual
ramifications/benefit/ROI to the enterprise), risk (probabilities of success or failure), and
costs (life cycle and cash flow, considering present value). Activities often have an
executive management board or investment review board to decide on investments,
tradeoffs, etc. They may only consider investments that exceed a designated cost
threshold. The roles of CIO, CFO, CEO, etc., should be defined and understood amongst
the players (IRMC New World of the CIO Course). See DoD's Guide for Managing IT as an
Investment and Measuring Performance (version 1.0, 1997, February 10) and GSA's
Performance-Based Management: Eight Steps to Develop and Use IT Performance Measures
Effectively (http://www.itpolicy.gsa.gov/mkm/pathways/pathways.htm, p. 51) (IRMC
Measuring Results of Organizational Performance Course). See the DON IT Investment
Evaluation Handbook (DON CIO, version 1.0, July 2001), available at the DON CIO Web
site: http://www.don-imit.navy.mil and the Executive Office of the President: Analysis of
EOP's 1999 Information Technology Architecture Update and Capital Investment Plan Report
(AIMD-00-63R, February 4, 2000, 16 pp. http://archive.gao.gov/f0302/163215.pdf).

Whoever  creates  affirms  that  the  creative  act  has  meaning,  a  meaning  which  transcends 
the  act  itself.  (Elie  Wiesel,  Souls  on  Fire,  Summit  Books,  New  York,  1972,  p.  31.) 

At 3M: We consider a coherent sentence to be an acceptable first draft for a
new-product plan . . . We don't constrain ourselves with plans at the beginning when ignorance
is highest. Sure we plan. We put together meticulous sales implementation plans. But that's
after we know something. At the very front end, why should we spend time writing a
250-page plan that tries to drive out ignorance before having first done some simple tests on
customer premises or in a pilot facility somewhere . . . New Business Ventures Division: An
NBVD product is never justified on the analytic case; it must be based on belief. (Thomas J.
Peters and Robert H. Waterman, Jr., In Search of Excellence, Warner Books, New York, 1982,
p. 232.)

Case-Based  Reasoning  (CBR) 

CBR  is  an  application  of  artificial  intelligence  that  uses  lessons  learned  from  past  cases 
to  answer  questions,  design  documents,  create  strategies,  etc.  A  particular  CBR  tool  is 
selected  to  match  the  user  objectives,  then  tailored  or  tuned  to  the  specific  application. 
Cases are then selected for loading into the tool. Once operational, the algorithm asks
the user questions concerning the specific job at hand then presents selected cases or parts
thereof for the user's consideration. If the first does not complete the task at hand, the user
then  enters  the  results  of  the  first  trial  to  enable  the  CBR  tool  to  select  a  better  one. 

Interestingly enough, the number of cases needed to be preloaded prior to effective
use is relatively low—fewer than would be guessed. The success rate of CBR tends to be
quite  high;  however,  the  complexity  of  the  task  may  necessitate  considerable  work  by 
implementors  prior  to  fielding  the  system  even  when  using  an  off-the-shelf  tool. 

The  Naval  Research  Laboratory  has  done  extensive  work  with  CBR.  David  Aha,  for 
instance,  designed  the  CBR  tool  embedded  into  the  Knowledge-Centric  Organization 
Toolkit's  version  2.0,  adding  a  guided  search  capability.  They  have  also  assisted  Port 
Hueneme  in  implementing  a  CBR  tool  for  equipment  diagnosis  on  ships  at  sea,  lowering 
the  need  for  additional  personnel.  They  have  also  used  the  tool  to  support  operational 
planning  for  the  fleet.  Furthermore,  their  CBR  tool-set  can  also  be  used  to  create  new 
documents  based  on  a  set  of  older  ones  of  similar  type.  This  is  similar  to  the  Navy 
International Programs Office's (IPO) international agreements generator (IAG) program,
with  which  one  can  create  a  first  draft  of  an  international  agreement  in  far  less  than  a  day. 
For  instance,  it  was  used  to  create  the  first  draft  of  the  acquisition  category  (ACAT)  ID 
multifunctional  information  distribution  system  (MIDS)  production  phase  supplement 
prior  to  negotiation  with  four  other  NATO  nations. 

See "Case Based Reasoning" in Chips Magazine, DON CIO and SPAWAR, Winter 2002,
page 29, at http://www.chips.navy.mil/archives/02_winter/index2_files/case_based_reasoning.htm

A  technology  that  attempts  to  combine  many  of  the  positive  features  of  the  above 
technologies  is  case-based  reasoning  (CBR).  CBR  has  become  the  most  common  technology 
for  problem  resolution  in  the  customer  support  environment.  CBR  provides  a  method  for 
representing past situations ("cases") and retrieving similar cases when a new problem is
input.  In  the  customer  support  environment,  past  problems  and  their  solutions  are  stored  as 
cases.  Given  a  description  of  a  current  problem,  the  system  searches  for  similar  known  cases 
...  The  system  then  asks  the  user  questions  (proactively)  about  the  problem  to  help  narrow 
the  search  for  the  correct  solution.  Problems  not  in  the  case-base  represent  opportunities  to 
improve  the  knowledge  repository. 

Technical experts solve these problems and input their resolutions into the case-base.
While CBR has evolved from the research community, it has resulted in numerous business
successes in customer support and won several innovative applications awards. In fact,
CBR is probably the form of "artificial intelligence" software that is in broadest commercial
use today . . . Like all technologies, however, CBR has its limitations. Chief among them is
that knowledge must be "authored" in order to fit into the case structure. This typically
means that analysts with expertise in case development must review and edit submissions
to the knowledge base to ensure conformance and quality.

Increasingly, however, it is possible to create cases directly from documents that contain
support knowledge by scanning the documents and running them through an automated
case generator. As this emerging technology matures it will allow nonexperts in CBR to
create new cases. However, ensuring the quality of the knowledge base is still likely to
require some human intervention. (Thomas H. Davenport and Philip Klahr, "Managing
Customer Support Knowledge," California Management Review, Berkeley, CA, Spring 1998,
Vol. 40, No. 3, pp. 195-208.)
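
The retrieve, question, and retain cycle described in this entry can be sketched in a few lines. This is an added example, not code from any of the tools named above; the help-desk cases, the feature names, and the similarity measure are all constructed for illustration.

```python
"""Conversational case-based reasoning: retrieve, ask, retain (toy model)."""

# Constructed help-desk cases: observed features -> known resolution.
CASE_BASE = [
    {"features": {"power_led": "off", "fan": "silent"},
     "solution": "replace power supply"},
    {"features": {"power_led": "on", "fan": "running", "display": "blank"},
     "solution": "reseat video cable"},
    {"features": {"power_led": "on", "fan": "running", "display": "ok",
                  "network": "down"},
     "solution": "renew DHCP lease"},
    {"features": {"power_led": "on", "fan": "silent", "display": "blank"},
     "solution": "replace cooling fan"},
]


def similarity(case, known):
    """Agreements minus conflicts with the user's answers, per answer given."""
    if not known:
        return 0.0
    score = 0
    for name, value in known.items():
        if name in case["features"]:
            score += 1 if case["features"][name] == value else -1
    return score / len(known)


def retrieve(case_base, known):
    """Return (score, case) pairs with positive similarity, best first."""
    scored = [(similarity(c, known), c) for c in case_base]
    scored = [pair for pair in scored if pair[0] > 0]
    return sorted(scored, key=lambda pair: pair[0], reverse=True)


def next_question(candidates, exclude):
    """Pick the unasked feature whose values best separate the candidates."""
    best, best_distinct = None, 1
    names = {n for c in candidates for n in c["features"]} - set(exclude)
    for name in sorted(names):
        distinct = len({c["features"].get(name) for c in candidates})
        if distinct > best_distinct:
            best, best_distinct = name, distinct
    return best


def diagnose(case_base, initial, answer):
    """Run the dialogue; answer(feature) stands in for the user's reply.

    Returns (solution or None, questions asked, facts known at the end).
    """
    known, asked = dict(initial), []
    while True:
        ranked = retrieve(case_base, known)
        if not ranked:
            return None, asked, known          # problem is not in the case base
        top = [c for s, c in ranked if s == ranked[0][0]]
        question = None
        if len(top) > 1:                       # tie: narrow it with a question
            question = next_question(top, set(known) | set(asked))
        if question is None:
            return top[0]["solution"], asked, known
        asked.append(question)
        reply = answer(question)
        if reply is not None:                  # "don't know" adds no evidence
            known[question] = reply


def retain(case_base, features, solution):
    """An expert's resolution of an unmatched problem becomes a new case."""
    case_base.append({"features": dict(features), "solution": solution})


if __name__ == "__main__":
    base = [dict(c) for c in CASE_BASE]
    truth = {"power_led": "on", "fan": "running", "display": "blank"}
    print(diagnose(base, {"power_led": "on"}, truth.get))
    print(diagnose(base, {"beeps": "three"}, {}.get))      # no match yet
    retain(base, {"beeps": "three"}, "reseat memory module")
    print(diagnose(base, {"beeps": "three"}, {}.get))      # now retrieved
```

Only four cases are loaded, yet two questions are enough to isolate one of them, and the unmatched problem becomes retrievable as soon as an expert's resolution is retained.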

Central Design Activity (CDA)

CDAs develop and maintain application software and are responsible for making the
application software work within a domain (Glossary of IM/IT & KM Terms). They are an
IT adaptation of the design agent (DA) and technical development activity (TDA) defined
in NAVSEAINST 5400.57B.

There is no I in "team." (Marion [LL Cool J] on "In the House," television show,
September 2, 1997.)

Central  Tendency 

A  type  of  error  in  which  the  rater  does  not  tend  to  use  the  extreme  ends  of  the  scale 
and  thereby  fails  to  differentiate  between  strong  and  weak  subjects  (IRMC  Measuring 
Results  of  Organizational  Performance  Course).  The  dynamic  range  of  a  set  of  scores  is 
the  difference  between  the  lowest  score  and  the  highest  score.  When  human  raters  are 
used,  however,  they  tend  to  rate  or  score  more  heavily  toward  the  middle  of  the  scale 
independent  of  the  actual  value  of  the  items  being  scored.  Thus,  there  are  more  scores  in 
the  mid-range  area  so  that  the  full  dynamic  range  of  the  data  is  not  achieved.  This 
negatively  affects  the  statistics  involved.  Central  tendency  needs  to  be  compensated  for  in 
such  areas  as  award  fee  evaluations,  bid  proposals,  etc.  For  instance,  if  technical  raters 
succumb  to  the  central  tendency,  the  various  bidders  will  tend  (especially  if  there  are 
questions  and  best  and  final  offers  as  part  of  the  evaluation)  to  equalize  towards  the 
middle  of  the  rating  scale.  Under  such  conditions,  the  cost  will  prevail  over  the  technical 
proposals,  defeating  the  government's  desire  for  a  "best  value"  award.  It  is  incumbent 
upon  the  chairperson  of  the  technical  committee  or  panel  (e.g.,  source  selection  evaluation 
board,  SSEB)  and  the  oversight  board  (source  selection  advisory  council,  SSAC)  to  take 
action  to  preclude  such  an  effect. 

Mediocrity  succeeds  wonderfully  well  nowadays — nobody  hates  it  because  every  one 
feels  how  easily  they  themselves  can  attain  it.  Exceptional  talent  is  aggressive — actual 
genius  is  offensive;  people  are  insulted  to  have  a  thing  held  up  for  their  admiration  which  is 
entirely  out  of  their  reach.  They  become  like  bears  climbing  a  greased  pole;  they  see  a  great 
name  above  them — a  tempting  sugary  morsel  which  they  would  fain  snatch  and  devour 
and  when  their  uncouth  efforts  fail,  they  huddle  together  on  the  ground  beneath,  look  up 
with dull, peering eyes, and impotently snarl! (Marie Corelli, Ardath, R. F. Fenno & Co.,
New York, pp. 14-15.)

The princely man ... stands in the middle, and leans not to either side. The princely man
enters into no situation where he cannot be himself. (Confucius, Wisdom of Confucius, Peter
Pauper Press, Mt. Vernon, NY, 1963, p. 47.)

CERT— see  Computer  Emergency  Response  Team— shortened  term  for  Digital  Certificate 

A  professor  gave  a  test  for  an  ornithology  class  consisting  only  of  bird's  legs  with  the 
students  directed  to  identify  the  species.  A  very  upset  student  ripped  up  his  copy  of  the  test 
in  front  of  the  professor  and  stated,  "This  is  ridiculous!"  After  a  shouting  match  with  the 
professor, the professor demanded the student's name so he could record a failing grade.
The student pulled up a pant's leg and said, "You tell me, professor." (Jan Harold
Brunvand, Curses! Broiled Again! The Hottest Urban Legends Going, W. W. Norton, NY, 1989).

See  Urban  Legends  below. 

Certificate Revocation List (CRL)

A list of no longer valid certificates. It is issued or maintained by a certificate issuer,
registration authority (RA), or certification authority (CA). It is analogous to credit card
revocation lists. Employee churn, business life cycles, etc., dictate that digital certificates
may become invalid over time. CRLs are a means of identifying invalid certificates. To be
effective, CRLs must be frequently updated and properly distributed or accessible to
users. Need should determine whether obtaining updates to CRLs is to be push or pull.
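
Why update frequency matters can be shown with a small simulation of the pull model. This is an added example, not from the original text: the CRL is a simplified in-memory object whose this_update and next_update fields are modeled on the thisUpdate and nextUpdate fields of an X.509 CRL, and every class name, issuer name, serial number, and date is constructed.

```python
"""Pull-style revocation checking against a cached CRL (simplified model).

Added illustration only: the CRL is a plain Python object, not a parsed
X.509 structure, and every name and value below is constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum


class Status(Enum):
    GOOD = "good"        # right issuer, fresh list, serial not listed
    REVOKED = "revoked"  # serial is on the list
    UNKNOWN = "unknown"  # no usable list: the caller should fail closed


@dataclass
class Crl:
    issuer: str
    this_update: datetime   # when the CA produced this list
    next_update: datetime   # when the CA promises the next one
    revoked: dict = field(default_factory=dict)  # serial -> revocation time


@dataclass
class Cert:
    issuer: str
    serial: int


def check(cert, crl, now):
    """Classify one certificate against one CRL at time `now`."""
    if crl is None or cert.issuer != crl.issuer:
        return Status.UNKNOWN
    revoked_at = crl.revoked.get(cert.serial)
    if revoked_at is not None and revoked_at <= now:
        return Status.REVOKED   # a listed serial stays revoked, even on an old list
    if not (crl.this_update <= now < crl.next_update):
        return Status.UNKNOWN   # a stale (or not yet valid) list proves nothing
    return Status.GOOD


class CrlCache:
    """Pull model: the relying party refetches once its copy has expired."""

    def __init__(self, fetch):
        self._fetch = fetch   # callable returning the issuer's current Crl
        self._crl = None
        self.fetches = 0

    def status(self, cert, now):
        if self._crl is None or now >= self._crl.next_update:
            try:
                self._crl = self._fetch()
                self.fetches += 1
            except OSError:
                pass  # distribution point unreachable: keep the old copy
        return check(cert, self._crl, now)


def demo():
    """An employee leaves on day 2; a weekly CRL hides that until day 7."""
    t0 = datetime(2002, 5, 1, tzinfo=timezone.utc)
    day = timedelta(days=1)
    published = [Crl("Example CA", t0, t0 + 7 * day)]
    cache = CrlCache(lambda: published[-1])
    badge = Cert("Example CA", 0x1A2B)

    results = [cache.status(badge, t0 + 1 * day)]
    # Day 2: the CA revokes the certificate and publishes a new list.
    published.append(Crl("Example CA", t0 + 2 * day, t0 + 9 * day,
                         {badge.serial: t0 + 2 * day}))
    # Day 3: the cached list is still current, so the revocation is not seen.
    results.append(cache.status(badge, t0 + 3 * day))
    # Day 7: the cached list has expired, the refetch picks up the revocation.
    results.append(cache.status(badge, t0 + 7 * day))
    return results, cache.fetches


if __name__ == "__main__":
    outcome, fetches = demo()
    print([s.value for s in outcome], "fetches:", fetches)
```

The gap between day 2 and day 7 is the exposure window set by the update interval; a push model, or a shorter next_update, narrows it.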

Never to grow old is a very, very evil fate, though the twaddle of our time says
otherwise. (Robertson Davies, What's Bred in the Bone, Viking Press, New York, 1985, p. 401.)

Certification  Authority  (CA) 

A  human  being  or  group  of  people  that  an  organization  authorizes  to  issue  digital 
certificates  to  its  computer  users  (similar  to  a  passport  office  or  officer).  The  CA  signs  the 
certs with his or her private key. CAs are, thus, central to key management infrastructure
and public key infrastructure (PKI). Their public key is used by others to verify the
authenticity of certs that they have signed. Examples of commercial CAs/service
suppliers (supplied by Charles Breed) include: http://www.baltimore.com,
http://www.us.bull.com/us, http://www.certco.com, http://www.cybersafe.com,
http://www.digsigtrust.com, http://www.diversinet.com, http://www.entrust.com,
http://www.ibm.com, and http://www.kyberpass.com (from PKI: The Myth, the Magic and
the Reality by Charles Breed, utilized in the IRMC Managing Networked Security in a
Networked Environment Course). A major decision is whether to perform CA functions
in-house or to out-source them. Major factors to consider are: economies of scale, privacy
of information provided to the trusted third party (TTP), and interoperability with other
types of certs. A bridge certification authority is a TTP of TTPs that facilitates transfer of
certificates between CAs (IRMC Advanced Information System Acquisition Course).
Weaknesses of hierarchical certification authorities and single TTPs can be assuaged via
virtual verification (Petra van Krugten and Mark Hoogenboom, "B2C Security— Be Just
Secure Enough," Computers and Security, Amsterdam, 2000, Vol. 19, No. 4, pp. 348-356) or
mesh-network CAs that use distributed or peer-to-peer, multiple verification versus a
single CA (IRMC Developing Enterprise Security Strategies, Guidelines, and Policies
Course author's final paper, PKI Vulnerabilities). (IRMC Developing Enterprise Security
Strategies, Guidelines, and Policies Course).


A  man  who  has  risked  his  life  knows  that  careers  are  worthless,  and  a  man  who  will  not 
risk  his  career  has  a  worthless  life.  (Orson  Scott  Card,  Children  of  the  Mind,  Tom  Doherty 
Books,  New  York,  1996,  p.  248.) 

Change Management http://www-management.wharton.upenn.edu/leadership/ — see
Leadership

The  set  of  methods  and  techniques  used  to  consciously  manage  the  introduction  and 
institutionalization  of  a  change  into  an  organization.  According  to  the  IRMC's  New 
World  of  the  CIO  Course,  history's  lesson  is  "If  you  always  do  what  you  always  did,  you 
will  always  get  what  you  always  got."  Similarly,  insanity  has  been  described  as  doing  the 
same  thing  again  and  again  and  expecting  to  get  a  different  result. 

Change  management  is  used  in  business,  especially  in  marketing,  to  describe  the 
product  life  cycle.  This  cycle  (similar  to  virtually  all  human  traits  and  processes)  is 
normally distributed (i.e., fits the Gaussian distribution). Initially, the group of "early
adopters" will accept the change that gradually (if change management is done correctly)
permeates  larger  and  deeper  layers  of  the  organization.  But  it  is  not  expected  that 
everyone  will  ever  accept  the  change. 

Price  Pritchett's  High  Velocity  Culture  Change  (and  other  works)  describes  ways  to 
facilitate  the  process.  Interestingly,  Thomas  Kuhn  (in  his  classic  The  Structure  of  Scientific 
Revolutions)  states  that  the  scientific  establishment  of  the  day  must  die  off  before  the  new 
paradigm  is  established.  Change  can  be  evolutionary  and  gradual  (e.g.,  total  quality 
management  [TQM])  or  revolutionary  and  rapid  (e.g.,  business  process  reengineering 
[BPR]),  but  major  change  (to  be  successful)  must  involve  culture  change  in  the 
organization.  Interestingly,  a  university  study  (contrary  to  expectations)  found  that 
within  one  year  of  assuming  their  positions,  many  corporate  chief  executive  officers  were 
quite  successful  in  changing  corporate  culture  and  turning  around  their  enterprises. 
However,  as  asserted  many  times,  half  the  solution  is  identifying  the  problem.  All  too 
often  people  try  to  correct  a  symptom  or  side  effect  rather  than  the  cause  or  true 
"problem"  or  address  the  proper  emerging  opportunity.  W.  Edwards  Deming's 
explanation  of  the  central  limit  theory,  with  his  control  charts,  upper  control  limits 
(UCLs),  lower  control  limits  (LCLs),  common  cause  variation,  and  special  cause  variation 
addresses  this  problem.  Problems  can  be  content  problems  or  process  problems. 

Deming  warned  people  about  trying  to  fix  a  process  that  was  in  equilibrium  (he  called 
it  "tampering")  unless  one  is  improving  the  process  itself  (e.g.,  to  achieve  a  tighter 
statistical  tolerance).  Negative  artifacts  under  such  conditions  are  not  justification  for 
changing  the  process — only  fixing  the  content  (instance).  If  our  security  system  detects 
and  corrects  for  an  attack,  why  modify  the  system?  All  too  often  that  is  exactly  what  is 
done.  "If  it  ain't  broke,  don't  fix  it."  Of  course,  proponents  of  reengineering  and  progress 
have  also  said,  "if  it  ain't  broke,  break  it."  These  two  statements  seem  to  be  antithetical. 
They are not. The world is nonlinear, not linear. As pointed out by Frederick Herzberg in
his two factor theory, there is a fundamental, qualitative difference between moving from
a negative condition to a neutral condition on the one hand and moving from a neutral
condition  to  a  positive  condition  on  the  other.  Some  managers  like  to  ignore  problems  by 
calling  them  opportunities.  This  is  totally  wrong.  Challenges,  yes,  but  not  opportunities. 


Various Schemas or Views of Polarity/Change

Views:     Herzberg          Skinner                  Jung                      Change   Approach
Positive   Motivators        Positive reinforcement   Analysis: individuation   BPR      Break it
Negative   Hygiene factors   Negative reinforcement   Therapy: illness          TQM      Fix it

"There is nothing more difficult to carry out, nor more doubtful of success, nor more
dangerous  to  manage,  than  to  initiate  a  new  order  of  things.  For  the  initiator  has  the 
enmity  of  all  who  would  profit  by  the  preservation  of  the  old  system,  and  merely 
lukewarm  defenders  in  those  who  would  gain  by  the  new  one"  (Machiavelli).  The  steps  in 
change  management  have  been  variously  described;  one  model  has: 

1)  Establishing  a  sense  of  urgency 

2)  Creating  and  communicating  the  vision 

3)  Forming  a  coalition:  marketing 

4)  Creating  short  term  wins 

5)  Dealing  with  resistance 

6)  Institutionalizing  new  approaches 

7)  Awareness  of  introducing  chaos  into  organizations. 

"The  paradox  of  success:  If  you  keep  on  going  in  the  same  direction,  you'll  miss  the 
road to the future" (IRMC Leadership for the 21st Century Course).

See http://www.strategy-business.com/ for dealing with resistance to change;
Bell Atlantic "success story:" http://www.c3i.osd.mil/bpr/bprrd/3217s6.htm (IRMC
New World of the CIO Course).


Despite  the  difficulties  of  major  organizational  and  perspective  changes,  as  Jacquie 
"Moms"  Mabley  sang,  "If  you  keep  doing  what  you  always  did,  you'll  keep  getting  what 
you  always  got."  Change  is  part  of  progress  (IRMC  Data  Management  Strategies  and 
Technologies  Course).  On  the  other  hand,  "There  is  a  fine  line  between  vision  and 
hallucination" (Ram Charan, "How Networks Reshape Organizations for Results,"
Harvard Business Review, 1991, September-October, 91503). Also, as Dutch Admiral Piet
Hein stated, "Problems worthy of attack prove their worth by hitting back" (IRMC New
World of the CIO Course).

Methods to Deal with Resistance to Change
(IRMC Leadership for the 21st Century Course)

Method          Used                          Advantages              Drawbacks
Education       Lack of Information           People may help         Time consuming
Communication   Lack of Information           People may help         Time consuming
Participation   Others are powerful           Commitment to change    Time consuming
Facilitation    Adjustment problems           Only way                Time consuming
Negotiation     Others are powerful           Avoids resistance       Can be expensive
Manipulation    Other tactics not applicable  Quick                   Future problems
Coercion        Speed is essential            Overcomes resistance    Risky if folks are mad

From  Gary  Hacker's  HR  Metrics  News  consolidated  from  Issues  1-5  (OPM): 

A Formula for Change (NASA): http://science.ksc.nasa.gov/shuttle/nexgen/rlvhp6.htm
5/02. Change = / R1/R2 where P = Pressure; V = Vision; C = Current State;
AS = Achievable Steps; R1 & R2 = Resistance to change divided by the
readiness for change.

Modified Tyson-Dannemiller Formula for Change: http://www.bradyinc.com/issue_8.html
5/02. C = V x D > R where C = Change; V = Vision for the Future; D =
Dissatisfaction with the Status Quo; R = Resistance to Change.

The Change Formula: http://www.leading-change.com/formula.html 5/02. Ch = D x
M x P > C where Ch = Change; D = Dissatisfaction with the status quo; M = A new model
for managing or organizing; P = A planned process for managing Change; C = Cost of
change to individuals and groups.

As Sandra Smith (of DON CIO) says, "D'G' = "If you always do what you always done,
then you're gonna get what you always got."

For  primitive  egoism,  however,  the  standing  rule  is  that  it  is  never  "I"  who  must 
change,  but  always  the  other  fellow.  (C.  G.  Jung,  Civilization  in  Transition,  Princeton 
University  Press,  Princeton,  NJ,  1964,  p.  138.) 

Everybody thinks of changing humanity and nobody thinks of changing himself.
(Count Leo Tolstoy, quoted by Jacob Braude in New Treasury of Stories for Every Speaking
and Writing Occasion, Prentice Hall, Inc., Englewood Cliffs, NJ, June 1961, p. 353.)

If you don't know, don't "no!" (Neal Pollock, PMS-415, NAVSEASYSCOM, March 23,
1987.)

Chief  Financial  Officers  Act  (CFOA),  P.  L.  101-576 

Requires  the  systematic  measurement  of  performance.  It  also  requires  agency  financial 
statements,  and  the  instructions  for  preparing  these  statements  specifically  require 
program  performance  measures  (Defense  Information  Systems  Agency,  Performance 
Planning  Guidance  for  Fiscal  Year  1998,  p.  G-3)  (IRMC  Measuring  Results  of  Organizational 
Performance Course). See chief financial officers home page: http://cfoc.gov.

The single biggest danger in business and life, other than outright failure, is to be
successful without being resolutely clear about why you are successful in the first place.
(Robert Burgelman, Stanford Business School, quoted by Jim Collins, Good to Great, Harper
Business, New York, 2001, p. 213.)

Chief  Information  Officer  (CIO) 

The  person  responsible  for  information  management,  IT,  and  computer  systems  that 
support  enterprise  goals.  As  IT  and  systems  have  become  more  important,  the  CIO  has 
come  to  be  viewed  in  many  organizations  as  a  key  contributor  in  formulating  strategic 
goals.  In  the  Department  of  Navy,  the  CIO  reports  directly  to  the  Secretary  of  the  Navy. 
The  Clinger-Cohen  Act  (CCA)  directed  federal  agencies  to  establish  CIOs  at  the  agency 
level.  Since  then  numerous  CIOs  have  been  appointed  at  subsidiary  organizational  levels. 
Initially,  CIOs  tended  to  report  to  an  organization's  chief  financial  officer — reflecting  the 
CIO's  oversight  of  capital  planning  and  investment  efforts. 

However, most organizations have moved to an independent CIO at a board level,
reflecting the encompassing nature of this role and the importance of IT to organizational
needs in changing environments. Educational organizations now have certificate
programs for CIOs. The Information Resources Management College (IRMC), part of the
National Defense University (NDU), created a "federal CIO competencies" wheel
(http://www.ndu.edu/irmc/ and http://www.c3i.osd.mil/org/do/dolinks/dpedtrg.html)
that includes 10 competencies leading to the CIO Certificate (which were
specified by the Federal CIO Council Executive Board— see
http://www.c3i.osd.mil/org/cio/execboard/). These are: acquisition; architectures and
infrastructures; capital planning and investment; leadership; performance- and
results-based management; policy; process improvement; security and assurance;
strategic planning; and technology assessment.

The  Department  of  Defense  (DoD)  Authorization  Act  of  2000,  Section  8121,  directed 
that  all  IT  programs  be  certified  as  CCA-compliant  by  the  agency  CIO.  The  same  act  of 
2001, Section 8102, continued this requirement. The agency CIO in DoD is the Assistant
Secretary of Defense for Command, Control, Communications, and Intelligence, ASD
(C3I). Normally, however, each Service CIO "certifies" program CCA compliance prior to
DoD CIO review and final certification. See http://cio.gov/clinger-cohen98sep.htm. CCA
requires  CIOs  to  provide  advice  and  assistance  to  agency  heads;  develop  sound, 
integrated  IT  architecture;  promote  improvements  in  work  processes;  and  monitor 
performance  of  IT  programs;  manage  human  assets  (assess  agency  IT  skills  and  the 
matching  of  incumbents  versus  requirements);  develop  strategies  to  address  deficiencies; 
and  report  progress  to  head  of  agency. 

The CIO has four roles/personalities that cut across all 10 competencies: visionary
(document vision in plans and policies), integrator (identify and coordinate IT activities
and processes within/without agency), facilitator (nurture partnerships, lead IPTs and
teams), and operator (maintain IT systems as well as personnel)
http://www.cio.com/archive/051599_kit.html (IRMC New World of the CIO Course).

The Federal CIO Council was established in 1997 as the principal DoD IT forum.
Members include DoD CIO (i.e., ASD (C3I)); Army, Air Force, and Navy Department
CIOs, USD (A&T), USD (P), USD (C), Director PA&E, USMC CIO, J-6, and DoD Deputy
CIO (The DoD Critical Infrastructure Protection [CIP] Plan [FOUO], of November 19,
1998, p. 17); Public Law 105-261, Additional Responsibilities of CIOs, part of the Defense
Authorization Act of Fiscal Year 1999, Sec. 331 (sec. 2223 of Title 10 U.S.C. Chapter 131)
which adds to the CCA's CIO responsibilities: Review and recommend to SECDEF
IT/NSS budget requests, ensure IT/NSS interoperability, ensure that IT/NSS standards
are prescribed, and eliminate duplicate IT/NSS of DoD components; also adds similar
functions to the MILDEP CIOs (IRMC Assuring the Information Infrastructure Course).

Communications  without  intelligence  is  noise;  intelligence  without  communications  is 
irrelevant. (General Al Gray, former Commandant, USMC.)

Chief  Knowledge  Officer  (CKO) 

The  CKO  is  the  person  who  leads  KM  efforts  within  an  organization  and  promotes 
systems  thinking  and  enterprise  perspectives.  The  CKO  promotes  all  aspects  of  the 
knowledge  life  cycle  including  knowledge  generation,  sharing,  storage,  reuse,  etc.  As  the 
champion  of  KM,  the  CKO  communicates  the  vision  and  enables  the  organization  to 
translate  it  into  operational  values.  The  greatest  challenges  include  balancing  technology 
with  human  factors  and  in  organizational  cultural  change.  Specific  objectives  may 
include:  enabling  accessibility  of  the  best,  relevant  information  for  the  area  of  practice  to 
appropriate  personnel;  implementing  cross-organizational  communities  of  practice; 
establishing  incentive  programs  for  knowledge  creation,  sharing  and  re-use;  defining 
roles,  skill-sets,  and  opportunities  for  knowledge  workers;  and  facilitating  training  and 
education  of  knowledge  workers.  Specific  activities  might  include:  knowledge  fairs, 
toolkits, pilot projects, sub-organizational assists, publications, community of practice and
interest  participation  and  support,  presentations  to  organization  members  through  all 
hierarchical  levels,  specific  knowledge  tools  (e.g.,  Web  portal,  knowledge  network, 
knowledge  base,  videotapes),  and  social  networking.  While  CKOs  often  report  to  CIOs, 
KM  is  not  actually  part  of  IT;  thus,  the  CKO  position  may  tend  toward  independence 
from  IT.  The  CKO  utilizes  IT  to  perform  KM,  but  not  vice  versa.  It  has  been  stated  that 
human  and  social  factors  comprise  more  than  two-thirds  of  KM,  with  IT  comprising  less 
than  one-third.  Some  claim  the  difference  is  far  greater  than  this. 

From  Gary  Hacker's  HR  Metrics  News  consolidated  from  Issues  1-5  (OPM): 

GovExec.com's Calendar of Events in the Federal Arena: http://www.govexec.com/calendar
4/02. Government Executive Magazine's online calendar of events.

The highest reward for a man's toil is not what he gets for it, but rather what he
becomes by it. (Jacob Braude, New Treasury of Stories for Every Speaking and Writing Occasion,
Prentice Hall, Inc., Englewood Cliffs, NJ, June 1961, p. 344.)

Children's  Online  Privacy  Protection  Act  (COPPA)  of  1998 

Requires  Web  sites  to  obtain  verifiable  parental  consent  before  collecting  personal 
information  from  a  child  under  13.  Applies  to  commercial  Web  sites  and  online  operators 
with  actual  knowledge  that  they  are  collecting  kids'  information  (IRMC  Developing 
Enterprise  Security  Strategies,  Guidelines,  and  Policies  Course). 




We  know  what  can't  be  known  and  then  spend  our  lives  seeking  to  justify  that 
knowledge. (Orson Scott Card, Children of the Mind, Tom Doherty Books, New York, 1996, p. 113.)

Chip  Operating  System  (COS) 

A  sequence  of  instructions,  or  Mask,  embedded  in  the  read-only  memory  on  a  smart 
card,  that  performs  its  operations  (similar  to  DOS  or  Windows  in  function  but  suited  to 
the smart card's scope). A COS provides built-in error checking for the card per ISO 7816
(IRMC  Managing  Networked  Security  in  a  Networked  Environment  Course). 

What  the  hell  is  it  good  for?  (Robert  Lloyd,  Engineer  at  the  Advanced  Computing 
Systems  Division  of  IBM,  c.1968,  reacting  to  colleagues  who  insisted  that  the  microprocessor 
was  the  wave  of  the  future,  [received  via  Internet  e-mail  and  verified  in  Christopher  Cerf 
and  Victor  Navasky  in  The  Experts  Speak,  Villard,  NY,  1984,  p.  230.) 

Chi-Square 

A  statistical  technique  that  can  determine  whether  the  groupings  of  cases  on  one 
variable  are  related  to  the  groupings  of  cases  on  another  variable  (e.g.,  are  high 
performers  more  likely  to  be  experimental  subjects  than  control  subjects?)  (IRMC 
Measuring Results of Organizational Performance Course). See ANOVA. The chi-square
distribution  is  also  used  in  determining  the  statistical  significance  of  a  statistical  analysis. 

Fair  employment  is  a  socio-economic  condition  in  which  all  people  who  wish  to  work 
for  a  living  shall  have  a  reasonable  opportunity  to  obtain  employment  in  a  position  in  which 
they  can  utilize  their  potential  capability  to  the  fullest  and  for  which  they  shall  receive 
equitable differential compensation related to differential in levels of work complexity.
(Elliott Jaques and Stephen D. Clement, Executive Leadership, Cason Hall & Co., Arlington,
VA, 1991, p. 126.)

Chunks  or  Chunking 

Researchers have also found that people organize information into groups of
relatedness, called "chunks," in order to retain the information in short-term memory.
Chunks themselves are "familiar patterns" that come to be understood through
experience as a unit, and as learning continues become increasingly larger and more
interrelated. When new stimuli are related to this stored information and recognition of a
pattern occurs, ideas and actions appropriate to the situation are elicited from memory
(quoted by Rashi Glazer, "Measuring the Knower: Towards a Theory of Knowledge
Equity," California Management Review, Berkeley, CA, Spring 1998, Vol. 40, Issue 3, pp.
175-194). A related theory suggests that cognitive elements in working memory, long-term
memory, and short-term memory are represented as nodes in a network. As a
person gains more knowledge in an area and begins to make connections between
abstract principles and actual events, links between nodes are created and strengthened.
Experts' networks may be more efficient as a result of increased speed through network
links. See Debra C. Hampton, "Expertise: The True Essence of Nursing Art" (Advances in
Nursing Science, 17/1, September 1994, pp. 15-24) and Dorothy Leonard and Sylvia
Sensiper, "The Role of Tacit Knowledge in Group Innovation" (California Management
Review, Berkeley, CA, 1998, Vol. 40, No. 3, pp. 112-132, Note 15).

Confidentiality, Integrity, Availability, Nonrepudiation, and Authentication (CIANA)

The information assurance acronym CIANA itemizes the major factors in computer
security. CIANA is studied at the IRMC's Managing Information Security in a Networked
Environment Course, required to achieve NSTISSI 4011 certification.

Men  and  nations  behave  wisely  once  they  have  exhausted  all  the  alternatives.  (Abba 
Eban, quoted by Noah ben Shea in Great Jewish Quotes, Ballantine Books, New York, 1993.)

Ciphertext 

Text  that  has  been  encrypted  as  opposed  to  cleartext  or  plaintext. 

I really didn't say everything I said. (Yogi Berra, The Yogi Book, Workman Publications,
New York, 1998, p. 9.)

Cleartext — see  Encryption 

Text  that  has  not  been  encrypted  or  has  already  been  decrypted  so  that  anyone  can 
read  it — as  opposed  to  ciphertext.  Also  known  as  plaintext. 

I have never been hurt by anything I didn't say. (Calvin Coolidge, Leo Rosten's Carnival
of Wit, E. P. Dutton & Co., New York, 1994, p. 99.)


Clicks  and  Mortar 

An  intermediate  category  between  traditional  "bricks  and  mortar"  businesses  with 
physical  locations  only  and  dot-coms'  "clicks  and  order"  which  do  not  have  traditional 
locations.  Businesses  referred  to  as  "clicks  and  mortar"  have  physical  locations  but  sell 
through  the  Web  as  well.  Thus,  unlike  Amazon,  a  clicks  and  order  Web-based  company, 
Barnes  and  Noble  was  a  traditional  bricks  and  mortar  company  but  then  added  a  Web 
site,  becoming  a  clicks  and  mortar  business. 

Life  is  what  happens  when  you've  planned  something  else.  (M.  Scott  Peck,  Further 
Along  the  Road  Less  Traveled,  Simon  &  Schuster,  New  York,  1993,  p.  193.) 


Client/Server 

This  is  a  type  of  computer  network  in  which  a  network  server  services  a  number  of 
client  computers.  Frequently,  software  applications  reside  on  the  server  and  are 
downloaded  onto  requesting  clients  as  needed.  This  can  reduce  the  number  of  overall 
licenses  required.  Laptop  or  notebook  computers,  however,  generally  have  the 
applications  resident  on  the  computer  since  download  time  via  56  kbs  modems  would 
require  inordinate  latencies.  Clients  and  servers  are  generally  connected  via  local  area 
networks  in  most  organizations,  but  servers  are  usually  accessible  through  firewalls  from 
the  Internet  or  dial-up  connections.  Computers  today  have  great  computing  power  and 
are  considered  "thick  clients."  However,  dumb  terminals  (common  in  the  past  when 
attached  to  large  mainframe  computers)  are  making  a  come-back  due  to  increased 
bandwidths  and  data  rates  provided  by  asynchronous  transfer  protocols  or  by  improved 
Ethernet.  Such  computer  terminals  are  called  "thin  clients." 

For without the inner the outer loses its meaning; and without the outer, the inner loses
its substance. (R. D. Laing, Capital M, Metropolitan Washington Mensa, 1994, Vol. 29, No. 5,
May 1, p. 1.)

Client-Side  Software 

Client-side  software  resides  on  each  client's  computer.  It  is  required  for  some 
applications (e.g., PKI). Such an implementation adds cost and complexity to a system,
but  may  be  required  to  attain  the  benefits  of  some  applications.  Where  it  resides  can  affect 
its  ease  of  use.  For  example,  it  can  be  placed  in  the  browser  space. 

Catch-UP  is  an  application  that  analyzes  programs  on  your  hard  drive  and  generates  a 
customized  list  of  updates  available,  including  download  sites: 
http://www.manageable.com.

Every  individual  really  does  have  his  or  her  actual  and  measurable  level  of  potential 
capability  that  demands  an  actual  and  measurable  level  of  work  to  satisfy  it,  in  just  as  real 
and  substantial  a  sense  as  the  fact  that  a  hungry  stomach  requires  food  or  the  person  will 
starve. (Elliott Jaques and Stephen D. Clement, Executive Leadership, Cason Hall & Co.,
Arlington, VA, 1991, p. 126.)

Clinger-Cohen  Act  (CCA)  http://www.itpolicv.gsa.gov/mks/i-cas-leg/sri24  on.hfm 

The  Information  Technology  Management  Reform  Act  (ITMRA)  of  1996,  Division  E  of 
the  National  Defense  Authorization  Act  for  Fiscal  Year  1996,  P.  L.  104-106,  was  signed 
into law on February 10, 1996, with an effective date of August 8, 1996. Section 808, Title
VIII of the Omnibus Consolidated Appropriations Act of 1997, P. L. 104-208, renamed the
Federal Acquisition Reform Act (FARA), Division D of the National Defense
Authorization Act for Fiscal Year 1996, and the ITMRA as the Clinger-Cohen Act of 1996
(40 U.S.C. 1401 et seq.). The purpose of Division E is to strengthen the federal
government's  management  of  IT  to  reduce  costs,  improve  agency  operations,  and 
enhance  services  to  the  public. 

A  key  goal  of  the  Clinger-Cohen  Act  is  for  agencies  to  establish  processes  for  selecting, 
managing,  and  evaluating  IT  investments  to  ensure  that  they: 

1)  provide  a  positive  return  on  investment; 

2)  contribute  to  observable  improvements  in  mission  performance;  and 

3) are implemented at acceptable cost and risk within reasonable time frames.

The Clinger-Cohen Act also established the position of chief information officer in federal
agencies (Glossary of IM/IT & KM Terms). The Information Technology Management
Reform Act redefined IT, identified new responsibilities for IT acquisition, gave new IT
responsibilities to agency heads and the Office of Management and Budget, eliminated
the Brooks Act (which greatly slowed IT acquisitions), emphasized new IT acquisition
strategies, corrected Paperwork Reduction Act implementation by prohibiting chief
information officers (CIOs) from performing collateral duty, being dual-hatted, or being
placed too low in the agency pecking order to be effective, and added the objective to
reduce costs by 5 percent while improving performance by 5 percent.

The  CCA  is  essentially  a  compendium  of  IT  best  practices  mostly  developed  in  the 
private  sector.  Executive  Order  (EO 13011,  Federal  IT,  1996,  July  26)  is  the  CCA/PRA 
implementing  directive  (and  Government  Performance  and  Results  Act  mission-based 
performance  measures)  Hittp:/  /wwwjtp_pJ_icY.^agQYZ^^  /exo13Ul  Lhtm  or 

h l-l-p:  /  / www.do.hq.af .mil /private  / gpra •.shtml) whose goal is improved IT systems
management and a secure, interoperable federal government. It specifies a Federal CIO
Council IT requirements board (ITRB), and government IT services board (GITS) as
expert resources across the government. For OSD implementation, see
http-  /  /tArTAm-  rmd  mil/doc/index.html.  DoD  has  been  very  proactive  in  implementing 
CCA  including  issuance  of  the  Guide  for  Managing  IT  as  an  Investment  and  Measuring 
Performance,  creating  the  DoD  CIO  Council,  drafting  a  DoD  IT  strategic  plan,  issuing  IT 
acquisition oversight policy, etc. While agencies have one CIO, EO 13011 provides a
dispensation  to  DoD  to  have  Service  CIOs,  which  has  been  extended  to  other  DoD 
components  (IRMC  New  World  of  the  CIO  Course).  See  8121  (IRMC  Advanced 
Information  System  Acquisition  Course),  http:  /  / frwebgate^rcess.gpo.gov/cgir  ^ 

bin/vispftp.rgi?TPaddress=wais.access.gpjx£mLfilenamiEimbllQQT(MMipect^^ 

H.-.kr/wms/data/104  rone  public  laws  (IRMC  Assuring  the  Information  Infrastructure 

http://www.don-imit.navy.mil/cca/confirmation provides the topics and guidance
to prepare CCA compliance for acquisition category (ACAT) ID, IC, II, III, and IV
programs; http://www.don-imit.navy.mil/cca/certification provides the information
requirements to prepare CCA Compliance Certification Reports for acquisition category
(ACAT) INFOSEC assessment methodology and ACAT IAC programs. ACAT I
programs are generally the largest monetarily. IT (formerly AIS) programs have an A
inserted after the Roman numeral; their dollar thresholds are smaller than for other
(weapons) programs. "D" (weapons programs) or "M" (IT programs), following the
Roman numeral, signifies review at the DoD level; "C" signifies review at the Component
level (e.g., Service level).


See also, the Air Force legislative link page: htt| ' w w w .cio .ho .af.mil / private^ irivate lawspage.


The  value  of  portfolio  optimization  is  summed  up  by  the  director  of  global  IT  at  a 
pharmaceuticals  company,  who  said,  "If  you  allow  people  to  optimize  their  functionality  in 
a  silo  it  does  not  necessarily  add  up  to  a  common  corporate  good."  (MITRE  paper 
submission on the "Value of Return-On-Investment (ROI) Analysis to the Government and
Other Nonprofit Organizations," for the 2001 ISPA/SCEA Conference.)


Clumping

Organizing knowledge, information, or data around decision points to promote
efficient  and  effective  decision-making.  This  is  a  customer-  or  user-focused  organizational 
approach  (as  opposed  to  clustering).  Clumping  is  readily  analogous  to  object-oriented 
databases.  It  is  a  more  pragmatic  or  operational  approach  to  organizing  knowledge, 
information,  and  data. 

Wisdom  is  so  important  that  it  might  be  said  that  mankind  is  composed  solely  of  the 
Wise.  (Ibn  el-Murbarak,  quoted  by  Idries  Shah,  Thinkers  of  the  East,  Arkana  [Penguin],  New 
York,  1971,  p.  178.) 

Clustering

Organizing knowledge, information, and data (KID) around similarities (e.g., by
functional area). It can be done using a standard taxonomy. Examples include the phyla
of biology, departments in colleges, books in libraries (e.g., the Dewey decimal system),
etc. This approach is a worker- or specialist-focused organizational approach. It is very
traditional and reflects human needs to categorize KID so as to mentally encompass it.
Recently,  however,  scientific  breakthroughs  have  been  made  in  crossover  areas  and  new 
cross-disciplines  (e.g.,  biochemistry)  have  arisen  that  implicitly  challenge  older 
classification  schema.  Clustering  (especially  via  an  accepted  taxonomy),  however,  has  the 
advantages  of  standardization. 


"The process of dividing a dataset into mutually exclusive groups such that the
members of each group are as 'close' as possible to one another, and different groups are
as far as possible from one another, where distance is measured with respect to all
available variables." (See An Introduction to Data Mining: Pilot Software Data Mining White
Paper) (IRMC Data Management Strategies and Technologies Course).


Brilliance  is  the  ability  to  look  at  old  things  in  a  new  way.  Our  mindsets  are  clusters  of 
interacting ideas, emotions, and attitudes that color our observations. These clusters—some
people call them their philosophies of life—give rise to expectations that we tend to fulfill—
meanwhile, however, our objectivity is diminished greatly by their emotional and subjective
quality. Allowing unexamined mindsets to determine our attitudes and actions can result in
mental stagnation, which is often manifested as arrogance and inflexibility or worse as
maladjustive or self-defeating behavior. (Christ Zois, Think Like a Shrink, Warner Books,
New York, 1992, p. 2.)


Cluster  Sampling 

Members  of  the  accessible  population  fall  into  convenient  clusters  of  people  so  the 
sampling process randomly selects whole clusters from the full population, where
everyone in the selected clusters is considered part of the sample (IRMC Measuring
Results of Organizational Performance Course). In lieu of true random sampling, if the
population consists of discrete subsets whose contents are homogeneous within the
subset, the sampling can be randomized amongst the subsets, possibly requiring fewer
samples, simplifying the process, and obtaining improved statistics.


... risk-averse people per square foot in the Pentagon than any other place
in the world. (Joseph Cipriano, Program Executive for Information Technology, to the
Industrial College of the Armed Forces [ICAF], March 28, 2002.)


Code-Division  Multiple  Access  (CDMA) 

CDMA is one of the several wireless transmission technologies/protocols (such as
global system for mobile communication [GSM] and time division multiple access, or
TDMA). After digitizing data, CDMA spreads it out over the entire bandwidth it has
available. Multiple calls are overlaid over each other on the channel, with each assigned a
unique sequence code. CDMA is less costly to implement, requiring fewer cell sites than
the GSM and TDMA digital cell phone systems and provides three to five times the
calling capacity. CDMA transmission has been used by the military for secure phone calls
(from Glossary of IM/IT & KM Terms). CDMA was developed by: Qualcomm, AT&T, and
Motorola. It has seven to ten times the capacity of analog technology and six times the
capacity of TDMA. It is dual band and operates at 800/1900 MHz. It uses a 14.4 kbps data
rate (third generation, 3G), but the fourth generation is expected to have 144 kbps (ten
times faster). Verizon Wireless offers CDMA cell phone encryption in the Washington,
DC area. Many U.S. cell phones use CDMA. Direct sequence spread spectrum (DSSS) is
also known as direct sequence CDMA or DS-CDMA (IRMC Managing Networked
Security in a Networked Environment Course).

Nobody  goes  there  anymore.  It's  too  crowded.  (Yogi  Berra,  The  Yogi  Book,  Workman 
Publications,  New  York,  1998,  p.  16.) 


Collaboration — see Knowledge Hoarding

Two or more people working together in real-time, or in a "store-and-forward" mode.
Collaborative tools or applications enable a group of people to collaborate in real-time
over a network using shared screens, shared whiteboards, or video conferencing.
Collaboration can range from two people reviewing a slide online to a conference of
doctors at different locations sharing patient files and discussing treatment options
(Knowledge Management: The Catalyst for Electronic Government, Raymond Barquin and
Alex Bennet, Eds., Management Concepts, Vienna, VA, 2001 [USA]).


There's  an  element  of  truth  in  every  idea  that  lasts  long  enough  to  be  called  corny. 
(Irving  Berlin,  Leo  Rosten's  Carnival  of  Wit,  E.  P.  Dutton  &  Co.,  New  York,  1994,  p.  241.) 

The  value  of  an  idea  has  nothing  to  do  with  the  sincerity  of  the  man  who  expresses  it. 
(Oscar  Wilde,  in  3,500  Good  Quotes  for  Speakers,  Gerald  F.  Lieberman,  Ed.,  Doubleday, 
Garden  City,  NY,  1983,  p.  119.) 


Collaborative Commerce (c-Commerce)

Gartner defines c-commerce as "collaborative, electronically enabled business
interactions among an enterprise's internal personnel, business partners, and customers
throughout a trading community. The trading community could be an industry, industry
segment, supply chain, or supply-chain segment." He calls c-commerce "the next era of
e-business." It includes both customer relations management and supplier relations
management, allowing stakeholders to share business processes, information, etc.
(Enterprises Drive Competitive Advantage Through SRM 4/16/01).

The  only  people  who  ever  prize  purity  of  ignorance  are  those  who  profit  from  a 
monopoly  in  knowledge.  (Orson  Scott  Card,  Children  of  the  Mind,  Tom  Doherty  Books,  New 
York,  1996,  pp.  81-82.) 

Command and Control Research Program (CCRP) — formerly: Command, Control,
Communications, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR)
Cooperative Research Project

CCRP  is  a  Department  of  Defense  project  that  does  research  in  information  security, 
information  operations,  and  command  and  control,  and  publishes  works  (frequently  via 
the National Defense University Press) in information warfare and related areas (e.g.,
Network Centric Warfare by Alberts, Garstka, and Stein), http://www.dodccrp.org.

Does dissatisfaction not lead to a desire to change? ... Too little dissatisfaction means
no desire to change. Too much means no ability to change. (Idries Shah, Thinkers of the East,
Arkana [Penguin], New York, 1971, p. 159.)

Command and Control Warfare (C2W)

The military strategy implementing information warfare (IW). Integrated use of
operational security (OPSEC), military deception, psychological operations, electronic
warfare, and physical destruction, mutually supported by intelligence, to deny
information to, influence, degrade or destroy adversary C2 capabilities, while protecting
friendly capabilities against such actions (Joint Pub 3-13.1 Joint C2W Doctrine); attack on
and protection of the C2 target set (IRMC Assuring the Information Infrastructure
Course). C4I Pro is a listserve for those interested in C4I (command, control,
communications, computers, and intelligence): CJCS MOP-30 3/8/93 Command and
Control Warfare promulgates joint policy on C2W and seeks to maximize U.S./allied
military effectiveness by integrating C2W into military strategy, plans, operations, etc.
Includes counter-C2 efforts (such as those listed above) and C2-protection efforts by
commanders-in-chief (IRMC Assuring the Information Infrastructure Course).

... in Gettysburg to honor the memory of a color-bearer who became
isolated from his regiment after a charge. The regiment retired, but the color-bearer and
several men held their ground. The Major sent a messenger through to the boy, "Bring the
colors back to the regiment." The boy replied, "Bring the regiment back to the colors."
(George W. Olinger, Treasures quoted by Jacob Braude in New Treasury of Stories for Every
Speaking and Writing Occasion, Prentice Hall, Inc., Englewood Cliffs, NJ, June 1961, p. 84.)

Command, Control, Communications, and Intelligence (C3I)

f 7' the Department of Defense (DoD) chief information officer http://www.c3i.osd.mil/
Compatibility, Interoperability, and Integration of C3I Systems (DoDD 4630.5, November 12, 1992) and
Procedures for Compatibility, Interoperability, and Integration of C3I Systems (DoDD 4630.8
for cTfA^SDtrnuSr ^ of 2/12/92 charters the Assistant Secretary of Defense
for C3I (ASD [C3I]) (IRMC Assuring the Information Infrastructure Course).

... strategy of life: the essential form of action in the battle that is
life itself. (Oswald Spengler, Der Mensch und die Technik, C. H. Beck'sche, Munich, 1932, p. 7,
quoted by Joseph Campbell in Historical Atlas of World Mythology Vol. I The Way of the Animal
... Primitive Hunters and Gatherers, Harper & Row, New York, 1988.)

Command, Control, Communications, Computers, and Intelligence (C4I)

Title  of  applicable  Service/Components  (e.g.,  OPNAV  N6  and  Joint  Staff  J6) 
apboerIa@np.s.navy  miJ;  http://www.stl.np.s.navv  > 

Good management consists in showing average people how to do the work of superior
people. (John D. Rockefeller, quoted by Jacob Braude in New Treasury of Stories for Every
Speaking and Writing Occasion, Prentice Hall, Inc., Englewood Cliffs, NJ, June 1961, p. 57.)

Common

In military parlance, common refers to activities performed with U.S. allies, primarily
but not exclusively NATO allies. For example, France, Germany, Italy, Spain, and the
United  States  developed  the  Multifunctional  Information  Distribution  System  (MIDS)  as  a 
common  (or  multinational)  system.  Such  international  cooperative  development 
programs  are  directed  by  an  international  steering  committee  under  an  international 
agreement  negotiated  among  the  member  nations.  The  costs  and  results  are  shared 
among  the  members.  Indubitably,  rationalization,  standardization,  and  interoperability 
(RSI)  are  primary  considerations  in  such  programs.  See  International  Cooperative  Research 
And Development Programs by Neal Pollock http://www.dsmc.dsm.mil/pubs/arq/arq99.htm#Summer.
The Deputy Under Secretary of Defense for International
Programs, DUSD (IP), also sponsors International Cooperative Opportunities Groups to
encourage  additional  cooperative  development  programs  in  the  future. 


Discovereth  the  abilities  of  men,  and  employeth  them  according  to  their  merits.  (Sri 
Ramatherio,  Unto  Thee  I  Grant,  Supreme  Grand  Lodge  of  Ancient  Mystical  Order  Rosae 
Crucis,  San  Jose,  CA,  1971,  p.  31.) 


Common  Access  Card  (CAC) 

A  smart  card  intended  to  be  used  as  the  Department  of  Defense  (DoD)  standard 
identification  card  to  replace  existing  military  and  civilian  personnel  identification  cards 
and  serve  as  the  DoD's  authentication  token.  The  new  CAC  combines  multiple 
technologies on a single plastic card, including: photograph, microprocessor/embedded
integrated circuit computer chip, magnetic strip, and barcode. The CAC will be the
principal card used to enable physical access to buildings and controlled spaces and
electronic access to IT systems and applications that access the Department's computer
networks. CACs will be issued to active duty and selected reserve personnel, DoD civilian
employees, and eligible DoD contractor personnel. The data/information will be
encrypted onto the CAC that can also hold digital keys and biometric information that
can be loaded at a later date. CACs directly enhance security. Users, for instance, can
remove their CAC from their computer, locking it from other personnel's use until they
return. Upon reentering the CAC, the computer will return to the state it was in when the
CAC was removed. See http://www.govexec.com/features/1201/1201s7.htm.

Various schemas have also been proposed to issue a national identity card (with CAC-like
functionality) or to have each state issue its driver's licenses as CAC cards (they could
include digital certificates, fingerprints, etc.); however, proponents of personal privacy
oppose such efforts—they have yet to succeed. They, perhaps, feared they would have:

...  no  more  privacy  than  a  goldfish  (Irvin  S.  Cobb,  quoted  by  Frank  J.  Wilstack  in  A 
Dictionary  of  Similes,  Bonanza  Books,  NY,  MCMXXIV,  p.  301.) 

Common Object Request Broker Architecture (CORBA) — see glueware and middleware

An architecture and specification for creating, distributing, and managing distributed
program objects in a network. It allows programs at different locations and developed by
different vendors to communicate in a network through an "interface broker" (Glossary of
IM/IT & KM Terms). Objects encapsulate specific functions that execute on remote servers
A machine. Objects have language-neutral interfaces defined
by CORBA interface definition language (IDL). Objects can be new or can be wrappers
around existing code. The Object Management Group (OMG) is a nonprofit organization
formed in 1989 to establish standards for distributed application development. It consists
of  over  500  companies.  CORBA  object  communication  is  handled  through  object  request 
^  communicate  with  each  other  via  Internet  inter-ORB  protocol 

skeletons (created with IDL) are interfaces to remote objects. An
object adaptor activates the remote object. IDL describes the remote objects' methods and
data structures, allowing wrapping of legacy code. IDL mappings exist for virtually every
language. Netscape, Oracle, and JavaSoft are employing CORBA in their products.
CORBA  enables  communications  between  disparate  objects  residing  on  different 

"CORBA  Deals  with  Network  Transparency,"  BYTE  Magazine,  October 
1997  (IRMC  Data  Management  Strategies  and  Technologies  Course). 


8.  In  nature,  the  optimum  is  almost  always  in  the  middle  somewhere.  Distrust 
assertions that the optimum is at an extreme point. (David Akin, professor, University of

Spacecraft  Design"  [received  via  Internet  e-mail]  and  confirmed 
by  Dr.  Akin  dakin@umd.odij  or  DAKINf@SSj,.UMD.Fr)[  J  See 
http://spacecraft.ssl.umd.edu/academics/akins_laws.html.)


Common Operating Environment (COE) also referred to as the DII COE — see DII

A set of software components intended to form the foundation for mission
applications. It is analogous to a standard engine, transmission, and frame upon which an
auto manufacturer can build different cars (e.g., Ford's Sable and Taurus). COE is
expected to improve portability, interoperability, maintenance costs, and the software
development process. It is sometimes referred to as DII COE since it is associated with the
Defense information infrastructure. The COE is envisioned as having several levels or
layers: databases, operating system, infrastructure services, common support
applications, standard application program interfaces, and (interfacing with) various
domain mission applications (e.g., business, intelligence) across the three levels of combat
f u 1 strategic). The global command and control system (GCCS) and

global  combat  support  system  (GCSS)  use  the  DII  COE  (IRMC  New  World  of  the  CIO 
Course). 

The  DII  COE  establishes  an  integrated  software  infrastructure  that  facilitates  the 
migration  and  implementation  of  functional  mission  applications  and  integrated 
databases  across  information  systems  in  the  DII.  It  provides  architecture  principles, 
guidelines, and methodologies that assist in the development of mission application
software by capitalizing on a cohesive set of infrastructure support services. Its
specification is derived from the complete TAFIM (Information Management [IM] Strategic
Plan: Information Superiority version 2.0, DoD CIO, OCT 1999, p. 35) (IRMC Measuring
Results of Organizational Performance Course). COE goals include: reducing the number
of systems management personnel through centralized systems management, improved
software, and automated procedures; simplifying the software development process and
making it less expensive (IRMC Advanced Software Acquisition Management Course).

They told me that the fish . . . were cold-blooded and felt no pain. But they were not fish
who told me. (Heywood Broun, Leo Rosten's Carnival of Wit, E. P. Dutton & Co., New York,
1994, p. 505.)

Communication  Channels 

Pathways  used  to  send  and  receive  communications  (knowledge,  information,  data). 
They  can  be  formal,  informal,  technological,  human,  individual,  or  organizational. 
Frequently, they are connected together in networks. Such networks are comprised of the
channels (usually drawn as straight lines) and nodes (the points connected by the
channels). The latter are represented as points or circles or other geometrical figures.
Communications or "comms" channels are characterized by bandwidth (capacity). Nodes
are evaluated in terms of numbers of channels and specifically, connections (channels) to
other nodes or groups of nodes. Not all nodes are created equal. For instance, in social
network analysis (SNA) nodes usually represent specific individuals (people).
Suborganizations generally form distinct groups of nodes. The number of channels within
these groups tends to be high. The number of channels between groups tends to be lower.
Specific nodes connecting different groups may have a very high (but often
unrecognized) value to the organization as a whole.

Communication  plus  agreement  do  not  equal  comprehension.  (Idries  Shah,  Thinkers  of 
the  East,  Arkana  [Penguin],  New  York,  1971,  p.  161.) 

Communications  Assistance  to  Law  Enforcement  Act  (CALEA) 

To restore lost electronic surveillance capabilities and prevent new ones from
occurring; government is responsible for pre-1995 modifications (up to $500 million),
original implementation target was October 1998; extended to June 2000 (IRMC Assuring
the Information Infrastructure Course).

If  you  tell  the  truth  you  don't  have  to  remember  anything.  (Mark  Twain,  in  3,500  Good 
Quotes  for  Speakers,  Gerald  F.  Lieberman,  Ed.,  Doubleday,  Garden  City,  NY,  1983,  p.  151.) 

Communications  Decency  Act  (CDA)  of  1996— see  Telecommunications  Act  of  1996 

In Maine we have a saying that there's no point in speaking unless you can improve on
silence.  (Edmund  Muskie,  Leo  Rosten's  Carnival  of  Wit,  E.  P.  Dutton  &  Co.,  New  York,  1994, 
p.  38.) 

Community of Interest (CoI)

A group of individuals with a common interest. This interest does not necessarily
relate to their day-to-day work or current tasking. Communities of interest may share
ideas and communicate or collaborate. Members of a CoI sometimes migrate into a
community of practice (CoP) in the same domain. Sometimes, CoI members can greatly
benefit from related CoPs— their interest may even be practical, but temporary.
Organizational upper management members may very well be participants in a CoI that
is supported by (informally or formally) a CoP. The Naval Facilities Engineering
Command's eNet, for instance, includes both types of communities such that they can
interact with each other on a domain basis.

When a hundred intelligent heads are united in a group, the result is one big fathead.
(C. G. Jung, Letters, Vol. 2, Bollingen Series 95, 1951-1961, Gerhard Adler and Aniela Jaffe,
Eds., Princeton University Press, Princeton, NJ, 1953-1975, p. 220.)

The  key  to  community  is  the  acceptance— in  fact,  the  celebration— of  our  individual  and 
cultural  differences  ...  can  only  occur  after  we  learn  to  become  empty — is  also  the  key  to 
world  peace.  (M.  Scott  Peck,  The  Different  Drum,  Simon  &  Schuster,  New  York,  1987,  p.  186.) 

Community  of  Practice  (CoP) 

A  group  of  individuals  with  a  common  working  practice  who  do  not,  however, 
constitute a formal work team. Communities of practice generally cut across traditional
organizational  boundaries  and  enable  individuals  to  acquire  new  knowledge  otherwise 
unavailable  or  at  a  faster  rate.  Qualified  personnel  may  register  to  join  the  Knowledge 
Management  Community  of  Practice  (KMCP)  at:  http://www./www.don- 
10lit.navy.mil/quickplace  /,  The  DON  CIO  distributes  the  C-Port  CD  toolkit  that  has  a 
wealth  of  knowledge  and  information  concerning  communities  of  practice.  Its  editor, 
orchestrator,  and  primary  author  can  be  reached  at:  bob.turner@faa.gov.  Also,  see 
Government  Performance  and  Results  Act  CoPs  in  Balancing  Measures:  Best  Practices  in 
Performance  Management,  August  1999,  National  Partnership  for  Reinventing  Government, 
p. 43, that can be found at: http://govinfo.library.unt.edu/npr/library/papers/bkgrd/balmeasure.html
(IRMC Measuring Results of Organizational Performance Course). The
DoD KM CoP is now located at http://dodkm.communispace.com and is administered
by karen.gilmore@dau.mil


Every  man  is  like  the  company  he  is  wont  to  keep.  (Euripides,  Phoenix,  fragment  809, 
from Familiar Quotations by John Bartlett, Little, Brown & Co., Boston, 1968, p. 86a.)

If one is not bound by a common goal, one just cannot stand other people, for they
get on one's nerves too much. (Mary-Louise von Franz, Individuation in Fairytales, Spring
Publications, Dallas, TX, 1982, p. 38.)

Community is a true alchemical process that transforms the dross of our differences
into golden harmony. (M. Scott Peck, The Different Drum, Community Making and Peace,
Simon & Schuster, New York, 1987, p. 171.)

Although  communities  of  practice  are  fundamentally  informal  and  self-organizing,  they 
benefit  from  cultivation.  Like  gardens,  they  respond  to  attention  that  respects  their  nature. 
You  can't  tug  on  a  cornstalk  to  make  it  grow  faster  or  taller,  and  you  shouldn't  yank  a 
marigold out of the ground to see if it has roots. (Etienne Wenger and William Snyder,
"Communities of Practice: The Organizational Frontier," Harvard Business Review,
January-February 2000, p. 143 [Reprint R00110].)

Some  degree  of  natural  convergence  occurs  in  so-called  "communities  of  practice,"  in 
which  unconscious  work  norms  guide  much  of  the  interactions  among  members.  Managers 
interrupt these tacit work practices at their peril, and savvy managers may make good use
of  them  in  the  service  of  innovation.  Many  of  the  barriers  to  the  sharing  of  tacit  knowledge 
are  the  same  ones  that  inhibit  innovation  in  general:  hierarchies  that  implicitly  assume 
wisdom  accrues  to  those  with  the  most  impressive  organizational  titles;  such  strong 
preferences  for  analysis  over  intuition  that  no  one  dares  offer  an  idea  without  "hard  facts" 
to back it up; and penalties for failure that discourage experimentation. (Dorothy Leonard
and Sylvia Sensiper, "The Role of Tacit Knowledge in Group Innovation," California
Management Review, Berkeley, CA, Spring 1998, Vol. 40, Issue 3, pp. 112-132.)

Community  of  Practice  Compact  Disk  (CoP  CD  or  CoP  Toolkit) 

Community  of  Practice  Compact  Disk  devised  and  distributed  by  the  Department  of 
the  Navy  Chief  Information  Office.  This  toolkit  is  the  groundbreaking  tool  in  assisting 
organizations  in  establishing  CoPs  in  order  to  improve  their  operations  and 
institutionalize KM. Version 1.0 was issued at the electronic Business/Knowledge Fair,
August 30, 2001, in Washington, DC.

Employees want most to feel good about themselves and what they do. An effective
manager enhances both. (Thomas L. Quick, Quick Solutions, John Wiley & Sons, New York,
1987, p. 251.)

Compact  Disks  (CD) — see  Optical  Storage  Devices 

WOM:  write  only  memory  (Neal  Pollock).  You  read  data  in,  but  never  read  it  out 
again — totally  secure  and  trustworthy  and  unrepeated — e.g.,  CD-R. 

Comparative  Rating  Scale— see  Likert  and  Ordinal  Rating  Scales  and  Questionnaire 
A  scale  used  in  questionnaires  and  rating  forms  in  which  the  respondent  rates  the 
factor being judged against a qualitative statement or against some other factor. A rating
scale  comparing  items  or  measuring  changes  or  improvements  (e.g.,  5  =  significantly 
better,  4  =  better,  3  =  about  the  same,  2  =  worse,  and  1  =  significantly  worse)  (IRMC 
Measuring  Results  of  Organizational  Performance  Course). 

Everything  objective  is  the  outcome  of  that  which  is  subjective.  To  change  the  visible 
you must change the invisible; and this can be done only through mind and heart. (Will L.
Garver, Brother of the Third Degree, Purdy Publishing, Chicago, 1932, p. 255.)

Components — see Departments and Services

Divisions of the Department of Defense (DoD) including: the four Services (USA,
USAF, USMC, and USN) and the nonService entities within DoD (e.g., Defense Contract
Management Command, Defense Information Systems Agency, and Defense Logistics
Agency).

A foolish consistency is the hobgoblin of little minds. (Ralph Waldo Emerson, in 3,500
Good Quotes for Speakers, Gerald F. Lieberman, Ed., Doubleday, Garden City, NY, 1983, p.
125.)

Computer  Emergency  Response  Team  (CERT) 

An  organization  chartered  or  empowered  by  an  information  system  owner  to 
coordinate  or  act  in  response  to  computer  emergency  incidents  that  threaten  the 
availability  or  integrity  of  its  information  systems.  Services  have  their  own  CERT  systems. 
Activities  usually  use  a  limited  number  of  extant  CERTs.  CERTs  may  also  provide 
information  on  current  threats,  http:  /  /  www.ce.rt,orgZsmiritYdmp^^  Carnegie- 

Mellon  University  is  known  for  its  CERT  capability.  According  to  the  General  Accounting 
Office,  knowing  that  an  organization  has  a  formidable  response  capability  has  proven  to 
be a deterrent to hackers and other unauthorized users (IRMC Managing Networked
Security in a Networked Environment Course). cert@cert.mil; 800-357-4231; DSN 327-4700;
http://www.cert.mil (IRMC Assuring the Information Infrastructure Course).

Mistakes are their own instructors. (Horace, 3,500 Good Quotes for Speakers, Gerald F.
Lieberman, Ed., Doubleday, Garden City, NY, 1983, p. 130.)

Computer  Fraud  And  Abuse  Act  (CFAA),  18  U.S.C.  §  2707 

Prohibits  intentional  access  or  attempted  access  to  federal  interest  computers  to  obtain 
national security information with intent to injure the United States or to the advantage of
any foreign nation; affect the government's operation of computers; alter, damage, or
destroy information; or traffic in passwords (IRMC Assuring the Information
Infrastructure Course). It establishes two felony offenses: first, crimes involving national
defense, foreign relations, and computers used for governmental purposes, and second,
trafficking in passwords with intent to commit fraud (IRMC Developing Enterprise
Security  Strategies,  Guidelines,  and  Policies  Course). 

c  f  '^>•1  make  that  lie  come  true.  (Phil  Silvers,  in  The  Nav  Love 

Doat  [31  I V  movie.) 


Computer  Fraud  And  Hacking  Act  (CFHA),  18  U.S.C.  §  1030 

Prohibits  knowing,  unauthorized  access  of  a  computer  to  obtain  protected  defense  or 
foreign relations information with reason to believe it could be used to injure the United
States or give advantage to any foreign nation and willfully deliver information to any
unauthorized person; intentionally accessing computers without authorization and
obtaining banking, credit card or consumer credit information or information from any
U.S.  department  or  agency  or  affecting  use  by  the  U.S.  government  and  trafficking  in 
1  ^  information;  knowing  access  to  commit  a  fraud  (if  greater  than 

$5,000), knowingly cause transmission of malicious code, intentionally causing damage or
transmission with the intent to extort via threats to cause computer damage. Depending
upon which clause (some have lesser penalties): first offense penalty: maximum of 10
years/maximum of $250,000. Additional offense: maximum of 20 years (IRMC Assuring
the Information Infrastructure Course).

The only teacher who's worth anything to you is your enemy. (Orson Scott Card,
Xenocide, Tom Doherty Books, New York, 1991, pp. 124-125.)

Computer  Incident  Response  Team  (CIRT) 

A team that provides direct response to computer incidents, including attacks on the
system. They verify incidents, provide technical analyses to understand the nature of the
system compromise, notify other involved parties, eradicate the effects of the attack,
perform system recovery, archive vulnerabilities, provide patches and resolutions, and
provide tools, education, auditing, and consulting and product evaluation.
http://www.nipc.gov/incident/cirr.htm or nipc.watch@fbi.gov. The February 1996
revision of Office of Management and Budget Circular A-130, Appendix III, Security of Federal
Automated Information Systems, requires agencies to establish formal incident response
mechanisms and awareness training of these mechanisms for employees. The federal
computer incident response capability is a collaborative effort among the National
Institute of Standards and Technology (NIST), the Defense Advanced Research
Agency's (DARPA's) CERT coordination center, and the Department of Energy's (DoE's)
computer incident advisory capability. This service has been designed to provide federal
civilian agencies with cost-reimbursable, direct technical assistance and incident handling
support  (IRMC  Managing  Networked  Security  in  a  Networked  Environment  Course). 
Other  NIST  publications  include:  Special  Publication  800-12  An  Introduction  to  Computer 
Security:  the  NIST  Handbook  of  10/95;  Special  Publication  800-13,  Telecommunications 
Security  Guidelines  for  Telecommunications  Management  Network,  10/95;  and  Generally 
Accepted  Principles  and  Practices  for  Security  Information  Technology  Systems  of  12/95  (IRMC 
Assuring  the  Information  Infrastructure  Course).  Information  Security:  Challenges  to 
Improving  DoD's  Incident  Response  Capabilities  (March  2001,  GAO-01-341).  CIRTs  provide 
verification  of  incidents,  technical  assistance  analysis  to  understand  the  compromise, 
notification  of  other  involved  parties,  eradication,  recovery,  vulnerability  archive,  patches 
and  resolutions,  tools  education,  audit  and  consulting,  product  evaluation  (IRMC 
Developing  Enterprise  Security  Strategies,  Guidelines,  and  Policies  Course). 

You  should  hammer  your  iron  when  it  is  glowing  hot.  (Publilius  Syrus,  Maxim  262, 
from  Familiar  Quotations  by  John  Bartlett,  Little,  Brown  &  Co.,  Boston,  1968,  p.  125.) 

Computer Network Defense (CND)

A defensive aspect of information warfare and information assurance. In the United
States, it includes the "defense in depth" concept, whereby there are defensive layers so
that  if  an  attack  succeeds  against  the  initial  layer,  it  still  must  penetrate  additional  layers 
to  have  a  (major)  negative  effect  upon  the  system  (network  in  this  instance).  This  is  an 
extension  or  application  of  the  same  principles  as  the  fleet's  missile  defenses,  which 
include  distance  defense  (anti-missile  missiles)  and  close-in  defense  layers  (CIWS  or 
Phalanx),  for  example.  However,  unlike  most  military  weapons  systems,  computer 
networks  face  insider  as  well  as  outside  attacks,  so  that  CND  must  also  address  the 
insider  threat.  CND  also  lends  itself  to  threat  and  risk  analysis  and  the  use  of  decision 
theory  methods.  CND  activities  are,  however,  restricted  by  legal  restrictions,  limited  by 
cultural  blinders  and  psychological  perceptions,  and  subject  to  cost  restrictions. 

Dr.  Robert  Oppenheimer,  who  supervised  the  creation  of  the  first  atomic  bomb, 
appeared  before  a  Congressional  Committee.  They  inquired  of  him  if  there  was  any  defense 
against the weapon. "Certainly," the great physicist replied, "and that is—" Dr.
Oppenheimer looked over the hushed, expectant audience and softly said: "Peace."
(Quoted by Jacob Braude in New Treasury of Stories for Every Speaking and Writing Occasion,
Prentice Hall, Inc., Englewood Cliffs, NJ, June 1961, p. 272.)

Computer  Security  Act  of  1987  (CSA)  40  U.S.C.  759,  P.  L.  100-235  of  1/8/88 

Assigns  the  National  Institute  of  Science  and  Technology  (NIST)  to  devise  cost- 
effective  security  and  privacy  standards  and  guidelines  as  assisted  by  the  National 
Security  Agency  (NSA)  (an  MOU  signed  in  1989  clarifies  roles  and  responsibilities). 
Classified/Warner exempt systems are excepted. Established the National Computer
System Security and Privacy Advisory Board (CSSPAB) to advise SECCOM and NIST.
Agency security policies must reflect the magnitude of potential harm from compromise.
Summaries  of  agency  security  plans  shall  be  included  in  the  information  resources 
NSn  S  Paperwork  Reduction  Act.  National  Security  Directive 

.  ur  U  !r  executive  policy  in  line  with  the  CSA  and 

established  the  NSC  Policy  Coordinating  Committee  for  National  Security 

Telecommunications and Information Systems (NSTISSC). See NCSC-1, National Policy for

Security Material (January 16, 1981) and others
(IRMC Assuring the Information Infrastructure Course). Reaffirms NIST responsibility for
security of unclassified, nonmilitary government computer systems; NSA provides
limited technical assistance and controls sensitive but unclassified (SBU) computers
(IRMC Developing Enterprise Security Strategies, Guidelines, and Policies Course).

24. It's called a "Work Breakdown Structure" because the Work remaining will grow
until you have a Breakdown, unless you enforce some Structure on it. (David Akin,
professor, University of Maryland, "Akin's Laws of Spacecraft Design" [received via
Internet e-mail] and confirmed by Dr. Akin, dakin@umd.edu or DAKIN@SSL.UMD.EDU.)
See http://spacecraft.ssl.umd.edu/academics/akins_laws.html.

Concurrent  Validity 

A  form  of  criterion-referenced  validity  in  which  already  validated  measures  are 
obtained from the same group of cases at roughly the same time that the measures are
obtained using the instrument, and then the two sets of measures are correlated to assure
they are related; a type of criterion-referenced validity (IRMC Measuring Results of
Organizational Performance Course). If one measure is validated, another measure can be
validated  (under  certain  conditions)  by  strongly  correlating  it  with  the  already  validated 

If 50 million people say a foolish thing it is still a foolish thing. (Anatole France, 3,500
Good Quotes for Speakers, Gerald F. Lieberman, Ed., Doubleday, Garden City, NY, 1983, p.

Confidence  Level 

The  threshold  of  acceptability  for  the  probability  that  a  particular  statistic  would  occur 
for  some  reason  other  than  chance  -  usually  95  percent  in  business  research  (IRMC 
Measuring Results of Organizational Performance Course). The probability that a

Serrt  factor. 

PutiS;,';  NerVori9?2, 

Confidentiality 

This is the assurance that information is not disclosed to unauthorized persons,
processes, or devices. It is the initial letter in the information assurance acronym, CIANA
(confidentiality, integrity, availability, nonrepudiation, and authentication), which
itemizes the major factors in computer security. Presently, secure socket layer (SSL)
encryption  protects  the  buyer's  transmission  from  being  understood  by  the  unauthorized. 
In  future,  it  is  anticipated  that  public  key  infrastructure  will  provide  additional  assurance 
for  both  buyer  and  seller. 

The  Moving  Finger  writes;  and,  having  writ  Moves  On:  nor  all  thy  Piety  nor  Wit  Shall 
lure it back to cancel half a line. Nor all thy Tears wash out a Word of it. (Omar Khayyam,
The Rubaiyat.)

Connector

Connectors are people who connect other individuals or groups to others, facilitating
and orchestrating knowledge, information, and data transfers. Malcolm Gladwell's term,
in his work The Tipping Point, to designate certain individuals who excel in such
connectivity or are important or rare links within a network, thus they may be major or
exclusive nodes in a social network. Frequently, a connector may be the only person
connecting a segment of an organization to the rest of the organization so that the true
worth of the individual's efforts are distinctly underrated. Eliminating such a node would
effectively separate the segment from the organization — decreasing the effectiveness and
efficiency of the whole. Connectors tend to be major players in implementing cultural
changes.

People  exist  by  virtue  of  the  help  they  give  to  one  another  . . .  Helping  people  improves 
the  helped  person's  life  and  keeps  the  helping  person  human.  (Chaim  Potok,  In  the 
Beginning,  Fawcett  Crest,  New  York,  1975,  p.  269.) 


Content— see  Content  Management 

Data,  information,  and  knowledge  contained  in  files  or  records  (e.g.,  Microsoft  Word 
or  in  a  book),  enabling  it  to  be  processed  (modified,  shared,  stored,  or  used)  by  an 
individual  or  IT  system.  Content  is  the  opposite  polarity  of  process— activity  that  acts 
upon  content.  Total  quality  management  and  reengineering  are  different  approaches  to 
improve  processes.  They  do  not  directly  address  content  that  is  treated  as  a  raw  material 
by  the  processes  employed.  Content  is  the  noun  to  the  process'  verb.  Content  can  be 
stored in databases, flat files, electronically, or in treeware.

A  musical  composition  by  a  master  does  not  have  its  perfect  technical  nature  altered 
when  played  either  by  a  beginner  or  a  virtuoso.  One  has  the  ability  more  than  the  other  to 
express  the  greatness  of  the  composition;  the  composition,  however,  is  the  same  for  both.  So, 
universal  consciousness  is  the  same  in  all  living  organisms  from  the  point  of  view  of 
mystical  pantheism.  The  personal  evolution,  both  of  the  physical  organism  and  the 
consciousness  of  the  individual,  is  what  makes  the  difference  in  the  display  of  the  universal 
consciousness in the soul. (Samuel Rittenhouse, "Souls on the Planets," Rosicrucian Digest,
1975, Vol. LIII, No. 2, p. 24.)

Content  Management— see  Content  and  Infoglut 

The  management  of  content.  "A  means  to  provide  meaningful  and  timely  information 
to  end  users  by  creating  processes  that  identify,  collect,  categorize,  and  refresh  content 
using a common taxonomy across the organization" ("Is Your Content Under Control?"
The American Productivity and Quality Center, http://www.apqc.org/free/articles).
Such management can be individual, organizational, or enterprise-wide. Gartner Group
subdivides  it  into  four  segments:  enterprise  internal  content,  Web  site  content,  e-business 
transactional  content,  and  shared  content  ("The  Gartner  Group  Commentary- 
Framework  For  Content  Management"  Research  Note  COM-10-1618,  p.  1).  Enterprise 
content management has been defined as: the creation, delivery, customization, and
management of content across the enterprise ("The Content Management Market: What
You Really Need to Know," by Priscilla Emery, Bulletin of the American Society for
Information Science, ASIS, Washington; October/November, 2001, p. 1). More specifically,
however, content management is often used to categorize, index, store, search for, and
retrieve specific, relevant data, information, or knowledge. Many tools exist to accomplish
such ends, but increasing infoglut and present state-of-the-art limitations still leave
considerable room for improvement in this arena. A search engine may be 70 percent
effective, but if it yields 10,000 hits, its value to the user may be limited.

A book is a mirror: If an ass peers into it, you can't expect an apostle to look out. (Georg
Christoph Lichtenberg, Leo Rosten's Carnival of Wit, E. P. Dutton & Co., New York, 1994, p.


Content-Oriented  Validity— see  Criterion-Referenced  Validity 

A  technique  for  assessing  the  validity  of  a  measurement  by  showing  there  is  evidence 
that  the  items  constituting  the  instrument  have  complete  and  representative  coverage  of 
the factor being measured. Two techniques are face validity and sampling validity (IRMC
Measuring Results of Organizational Performance Course).


One of the great presidents of Harvard, Charles William Eliot, was born with a serious
facial disfigurement. Later when the tragic truth became known to him, his mother said,
"My son, it is not possible for you to get rid of this handicap. We have consulted the best
surgeons, and they say nothing can be done. But it is possible for you, with God's help to
grow a mind and soul so big people will forget to look at your face." (Quoted by Jacob
Braude in New Treasury of Stories for Every Speaking and Writing Occasion, Prentice Hall, Inc.,
Englewood Cliffs, NJ, June 1961, p. 165.)


Context 

The  relevant  environment  surrounding  information  or  knowledge  that  explicates  its 
meaning and reduces ambiguity; the interrelated conditions in which something exists or
occurs (e.g., history, associations, and subject matter experience). Context is essential in
analyzing  and  understanding  content.  Situation  comedies,  for  instance,  even  in 
Elizabethan  times  (e.g.,  Shakespeare's  comedies)  often  base  their  humor  upon 
conversations  overheard  without  the  context.  They  readily  demonstrate  the  perils  of 
attempting  to  act  upon  content  without  the  proper,  associated  context.  Modern  television 
programs  frequently  use  the  same  technique. 


The part of philanthropist is indeed a dangerous one; and the man who would do his
neighbor good must first study how not to do him evil, and must begin by pulling the beam
out of his own eye. (George MacDonald, Lilith, ch. XIV, from Phantastes and Lilith,
Eerdman's Publishing, Grand Rapids, MI, 1964, p. 250.)

Context(ual) Sensitivity

The  ability  (of  a  KM  system)  to  evaluate  its  context  when  analyzing  associated  content. 

If  you  are  an  executive  and  you  are  not  making  the  people  who  work  for  you  feel 
magical, you are not doing your job. (Robert Moore and Douglas Gillette, The King Within,
William Morris & Co., New York, 1992, p. 245.)

Continuity  Of  Operations  Plan  (COOP) — see  Disaster  Recovery 

A  study  showed  that  "corporations  that  lose  access  to  their  data  for  10  days  are  at  risk 
of  failing."  "Two  1995  studies  by  Oracle  Corp.  and  Datamation  showed  that  average 
businesses  lost  between  $80,000  and  $350,000  per  hour  of  unplanned  outages.  After  the 
1993  World  Trade  Center  bombing,  145  of  350  businesses  which  were  located  in  the 
building  had  to  close  down  within  a  year  because  they  had  no  redundant  IT  structure 
(IRMC  Managing  Networked  Security  in  a  Networked  Environment  Course).  See  the 
Clinton  Administration's  policy  on  managing  complex  contingency  operations  (PDD-56) 
of 5/97, http://www.fas.org/irp/offdocs/pdd-56.htm (IRMC Assuring the Information
Infrastructure Course). Also see the FEMA COOP Federal Preparedness Circular (FPC-65)
at http://www.fas.org/irp/offdocs/pdd/fpc-65.htm. There are also excellent business
continuity  plan  software  packages  available  from  commercial  vendors.  A  business  impact 
analysis  also  can  help  implementation.  The  major  elements  of  a  COOP  are:  plans  and 
procedures;  identification  of  essential  functions;  delegations  of  authority,  orders  of 
succession;  alternate  facilities;  interoperable  communications;  vital  records  and  databases, 
and tests, training, and exercises. Provisions should be made for an uninterruptible power
supply  (IRMC  Developing  Enterprise  Security  Strategies,  Guidelines,  and  Policies 
Course).  Redundancy  is  quite  cost-effective.  COOPs  provide  the  necessary  discipline  and 
processes  to  enable  an  organization  to  protect  itself  from  vulnerability.  A  well-written, 
periodically  tested,  and  updated  COOP  is  the  cornerstone  for  long-term  organizational 
operation  under  a  variety  of  challenges  and  attacks.  Organizational  survival  can  depend 
upon  the  COOP  and  its  proper  implementation. 

Think  to  yourself  that  every  day  is  your  last;  the  hour  to  which  you  do  not  look  forward 
will come as a welcome surprise. (Horace, iv, 13, Epistles, Book 1 from Familiar Quotations by
John  Bartlett,  Little,  Brown  &  Co.,  Boston,  1968,  p.  123.) 


Contractor  Off-The-Shelf  (COTS) 

Products  (equipment,  software,  etc.)  that  are  purchased  from  a  contractor  from 
inventory  (off-the-shelf)  as  opposed  to  designed,  developed,  and  produced  especially  for 
the  individual  customer.  COTS  items  are,  generally,  widely  and  publicly  available.  They 
are  usually  proprietary  and  source  code,  for  instance,  is  not  available.  COTS  users  are 
dependent  upon  the  contractor  for  upgrades  and  maintenance.  If  COTS  is  modified  (some 
call  this  MOTS),  COTS  changes  will  probably  require  tailoring  the  MOTS  to  reflect  the 
COTS  portions — reflecting  the  integration  challenges  of  using  COTS.  COTS  is  a  form  of 
nondevelopmental  item  (NDI).  Other  types  of  NDI  include  government  off-the-shelf 
(GOTS),  which  are  items  formerly  created  or  produced  by  or  for  the  government  for 
which  the  government  retains  rights  of  reuse.  While  government  contractors  generally 
retain  ownership  of  items  created  to  government  specifications,  the  government  retains 
the right to reuse (generally without royalties) without violating proprietary restrictions

Legacy  systems  are  usually  GOTS  and  may  contain  both 
COTS  and  GOTS  subsystems  and  components.  See  Carney  and  Obendorf's  "The 
Commandments of COTS: Still in Search of the Promised Land," Crosstalk, 1997 Vol 10
No 5, pp. 25-30; http://stsc.hill.af.mil/CrossTalk/1997/may/commandments.html
(IRMC  Advanced  Software  Acquisition  Management  Course). 


I think we should leave the status quo as it is. (A "Yogi-ism" from Neal Pollock.)


Contrast  Error 

A  type  of  rater  error  in  which  the  rating  of  a  subject  is  influenced  by  the  recent  rating 
of another subject that was extremely strong or extremely weak (IRMC Measuring Results
of  Organizational  Performance  Course). 


Only a mediocre writer is always at his best. (W. Somerset Maugham, quoted by Jacob
Braude in New Treasury of Stories for Every Speaking and Writing Occasion, Prentice Hall, Inc.,
Englewood Cliffs, NJ, June 1961, p. 40.)


Control  Group 

A  reference  standard  involving  measurements  obtained  from  a  similar  group  that 
experienced  another  form  of  the  intervention,  an  entirely  different  intervention,  or  no 
intervention at all (IRMC Measuring Results of Organizational Performance Course).
When performing an experiment (intervention), a similar group is also selected which
does not receive the change or intervention or receives a placebo (so the participants do
not  know  that  they  are  the  control  group  but  assume  they  are  in  the  experimental  group). 
Results  from  the  control  group  are  used  as  a  benchmark  or  baseline  against  which  the 
results  of  the  experimental  group  can  be  compared  to  assess  the  effects  of  the  experiment 
or  intervention  to  determine  if  the  results  are  statistically  significant. 

A  salt  doll  once  went  to  measure  the  depths  of  the  ocean  ...  No  sooner  did  it  get  into  the 
ocean  than  it  melted.  Now  who  was  there  to  report  the  ocean’s  depth?  (Ramakrishna 
quoted in The Gospels of Sri Ramakrishna by Swami Nikhilananda, Ramakrishna-
Vivekananda Center, New York, 1942, p. 103, as quoted by Joseph Campbell in The Inner
Reaches of Outer Space, Alfred Van der March-St. James Press, Toronto, 1986, p. 70.)


Control  objectives  for  Information  and  related  Technology  (CobIT) 

The Information Systems Audit and Control Foundation (ISACF) and Association's
(ISACA) IT Governance Institute's initiative to research, develop, publicize, and promote
an authoritative, up-to-date, international set of generally accepted IT control objectives
for day-to-day use by business managers and auditors. It can be used to control IT
investments, assure security/controls of IT services provided by internal or third parties,
and substantiate auditor opinions and provide advice on internal controls. See
http://www.ITgovernance.org or research@isaca.org 847-253-
Summary, July 2000, 3rd ed.). http://www.isaca.org/cobit.htm
(IRMC  Developing  Enterprise  Security  Strategies,  Guidelines,  and  Policies  Course). 
Nothing is work unless you'd rather be doing something else. (Jacob Braude, New
Treasury  of  Stories  for  Every  Speaking  and  Writing  Occasion,  Prentice  Hall,  Inc.,  Englewood 
Cliffs,  NJ,  June  1961,  p.  118.) 

Convenience Sampling — see Verification

A  subgroup  is  selected  as  the  sample  because  of  the  ease  with  which  data  can  be 
collected  (IRMC  Measuring  Results  of  Organizational  Performance  Course). 

There is always an easy solution to every human problem—neat, plausible, and wrong.
(H. L. Mencken, quoted by Lawrence J. Peter in The Peter Prescription, William Morrow &
Co., New York, 1972, p. 13.)

Conventional  (Symmetrical)  Cryptography— See  Cryptography,  Encryption,  and  PKI 

An  alternate  name  for  symmetric  cryptography.  It  is  100  to  1,000  times  faster  than 
public  key  encryption,  but  requires  secure  distribution  of  shared  single  keys,  raising  its 
costs  and  risks  and  limiting  its  use.  The  size  and  strengths  of  conventional  cryptography 
do  not  directly  relate  to  those  of  asymmetrical  cryptography.  For  example,  an  80-bit 
conventional  key  size  is  approximately  equal  to  a  1,024-bit  PKI  key  size  in  strength.  A  128- 
bit  conventional  =  3,000-bit  public  key.  (IRMC  Managing  Networked  Security  in  a 
Networked  Environment  Course).  For  10,000  users,  the  number  of  symmetric  keys 
needed = (n)(n-1)/2 = 50 million; or the number of asymmetric keys needed = 2 x n =
20,000.  The  ratio  of  symmetric  to  asymmetric  keys  required  is  (n  - 1)/4;  in  this  case  (10,000 
- 1)/4  is  slightly  less  than  2,500:1  (=50M/20k)  (IRMC  Advanced  Information  System 
Acquisition  Course). 

11.  Sometimes,  the  fastest  way  to  get  to  the  end  is  to  throw  everything  out  and  start 
over. (David Akin, professor, University of Maryland, "Akin's Laws of Spacecraft Design"
[received via Internet e-mail] and confirmed by Dr. Akin dakin@umd.edu or
DAKIN@SSL.UMD.EDU. See
http://spacecraft.ssl.umd.edu/academics/akins_laws.html.)

Convergent  Thinking  and  Divergent  Thinking— see  Strategic  Thinking  and  Systems 
Thinking 

A  dichotomy  of  thinking  styles  which  parallels  many  other  human  polarities  such  as: 
strategic  programming  versus  strategic  planning;  analysis  versus  synthesis  (or 
integration),  inside  the  box  and  outside  the  box,  Freud's  conscious  versus  unconscious, 
Jung's personal unconscious versus collective unconscious, Myers-Briggs sensate versus
intuitive,  closed  systems  versus  open  systems,  etc. 

C. G. Jung Institute of Chicago: http://www.jungchicago.org/ jung@aol.com.

Convergent  thinking  tends  toward  the  usual  and  expected,  toward  retaining  the 
known,  learning  the  predetermined,  and  preserving  what  is;  divergent  thinking  tends 
toward  the  novel  and  speculative,  toward  revising  the  known  and  explaining  the 
undetermined. One favors certainty, the other favors risk. In modern Western society our
education  tends  to  be  concerned  with  convergent  thinking,  rather  than  with  the 
encouragement  of  divergent  thinking.  It  transmits  knowledge  and  examines  for  it.  It 
provides  some  opportunity  for  creative  work  and  thought,  but  does  not  examine  for  it.  And 
there  is  always  the  hope  that  some  inspiration  will  rub  off  on  to  the  pupil  from  the  teacher  . . . 
Existing  knowledge  is  constantly  being  made  redundant  as  new  knowledge  is  gained.  Our 
students must learn how to go about revising this knowledge adapting the change. (Elliott
Jaques,  Creativity  and  Work,  International  Universities  Press,  Inc.,  Madison,  CT,  1990,  p.  158.) 

Cookie 

A  short  ASCII  text  file  that  is  placed  on  the  hard  drive  of  an  individual  user's 
computer  by  some  Internet  sites.  Cookies  provide  Web  sites  with  user-specific 
information  and  preferences  that  can  enhance  the  users'  Web-surfing  experience. 
However,  when  implemented  and  used  inappropriately  by  Web  sites,  cookies  can  pose  a 
threat  to  user  privacy.  Users  can  tailor  their  browser  to  refuse  cookies,  although  that  may 
affect  use  of  some  Web  sites  and  preclude  using  others.  Cookies  are  useful  to  business-to- 
customer  firms  performing  CRM — tailoring  the  site  and/or  offerings  to  match  perceived 
user  preferences.  Netscape  introduced  cookies  in  Navigator  version  2.0.  The  original 
purpose  was  to  track  users  through  multiple  HTTP  requests. 

http://www.netscape.com/newsref/std/cookie_spec.html for cookie specifications (IRMC
Managing  Networked  Security  in  a  Networked  Environment  Course). 

Forecasting  is  the  art  of  drawing  useful  conclusions  from  inadequate  premises.  (George 
Steiner,  Top  Management  Planning,  1969,  MacMillan  &  Co.,  New  York,  p.  203.) 

Core  Functions  (Inherently  Governmental  Functions) 

Functions  that  should  be  performed  by  government  employees  and  not  by 
contractors.  With  the  advent  of  A-76  and  outsourcing,  emphasis  has  been  placed  on 
defining  which  functions,  presently  performed  by  in-house  government  workers,  could 
be  performed  by  nongovernment  personnel  (i.e.,  under  contract  to  the  government). 
GAO/GGD-92-11 of Nov. 18, 1991, states "the government should not contract out its
responsibilities  to  serve  the  public  interest  or  to  exercise  its  sovereign  powers."  The 
government  should  maintain  sufficient  in-house  capability  to  be  thoroughly  in  control  of 
the  policy  and  management  functions  of  an  agency,  and  "government  officials  should  be 
active  throughout  the  decision-making  process,  and  administration  begins  when  the 
contractor's involvement in basic management functions is so extensive that an agency's
ability  to  develop  options  other  than  those  proposed  by  the  contractor  is  limited." 
Inherently  governmental  functions  should  never  be  privatized,  but  may  be  outsourced  to 
other government agencies. OMB Circular A-76 lists some such functions. The
Comptroller  General  has  added  (e.g.,  drafting  and  preparing  responses  to  Congress  and 
testimony)  to  this  list.  Core  functions  are  reflected  in  the  core  skill  set  needed  by 
government  workers  to  perform  these  functions.  Additional  functions  are  needed  to 
provide  oversight  of  contractors  performing  noncore  functions  for  the  government  (IRMC 
Advanced  Information  System  Acquisition  Course). 

To  lift  a  soul  above  its  natural  level  is  a  dangerous  act.  Souls,  like  springs,  have  their 
natural sources, and to force them beyond is against nature and therefore a dangerous act.
For when a soul is forced it seeks its own level again and disintegrates, being torn between
upper  and  lower  levels,  and  this  is  also  dangerous.  True  wisdom  it  is  to  weigh  and  judge 
the  measure  of  a  soul  and  let  it  live  where  it  belongs  . . .  The  soul  of  every  creature  must 
make  its  own  shape,  and  none  can  compel  another  without  hurting  himself ...  To  teach  is  to 
invite  the  soul  to  heaven,  but  never  to  compel  it.  (Pearl  S.  Buck,  Pavilion  of  Women,  John  Day 
Co., New York, 1946, pp. 294, 311.)
Corporate Yellow Pages

A listing of individuals, their expertise, and contact information. This tool can be
useful  in  locating  knowledgeable  personnel  within  an  organization.  However,  due  to  its 
impersonal  nature,  the  difficulty  of  capturing  and  maintaining  current  information  for  its 
entries,  personnel  turnover,  etc.,  its  usage  and  value  have  been  somewhat  limited.  An 
organization  must  determine  if  such  a  tool  is  cost-effective.  An  organizational  wiring 
diagram  or  organizational  chart  with  contact  information  may  be  sufficient  to  locate 
someone  who  can  provide  an  appropriate  contact  point  to  the  enquirer.  A  major  tradeoff 
factor  lies  in  the  number  of  levels  to  be  provided  in  the  yellow  pages,  how  it  will  be 
implemented  (e.g.,  on  an  intranet),  and  the  level  of  privacy  to  be  maintained.  Many 
organizations  no  longer  provide  extensive  information  on  personnel  and  locations  on 
open  (Internet)  sites. 

Let each man exercise the art he knows. You cannot teach a crab to walk straight.
(Aristophanes, Peace, 421 B.C., l. 1083 from Familiar Quotations by John Bartlett, Little, Brown
& Co., Boston, 1968, p. 91a.)

Correlation http://www.surveysystem.com/correlation.htm

A  statistical  technique  determining  the  degree  of  relationship  between  two  sets  of 
scores  for  the  same  group  of  cases,  where  values  approaching  1.0  indicate  a  strong 
positive relationship, values approaching -1.0 indicate a strong negative (inverse)
relationship,  and  scores  around  0.0  indicate  a  lack  of  relationship  (IRMC  Measuring 
Results  of  Organizational  Performance  Course).  Correlation  shows  how  similar  two  items 
or  cases  are.  A  positive  correlation  indicates  a  great  amount  of  similarity  (possibly 
dependence  or  possibly  only  synchronicity).  A  negative  correlation  indicates  that  the 
items  are  opposite  in  effect  (still  possibly,  but  inversely,  dependent  or  only  synchronistic). 
No correlation indicates a lack of relationship between the variables. For instance, in the
Duke University studies in which subjects attempted to ascertain which of a set of cards
was selected from a random sample, some subjects' responses scored consistently higher
than  chance  (positive  correlation),  some  scored  consistently  lower  than  chance  (negative 
correlation),  and  some  scored  at  or  about  the  chance  level  (no  correlation). 

Correlation  analysis  is  the  statistical  measure  used  to  calculate  "derived  importance." 
Correlation  is  a  measure  of  the  strength  of  the  linear  relationship  between  two  items  such 
as  customer  service  and  customer  satisfaction.  Items  can  be  placed  appropriately  within  a 
four-quadrant  chart,  whose  quadrants  are: 


High  satisfaction,  low  importance 

High  satisfaction,  high  importance 

Low  satisfaction,  high  importance 

Low  satisfaction,  low  importance 

Each item has a dot/point placed within one of the quadrants. In this case, satisfaction
is  on  the  y  (vertical)  axis  and  importance  is  on  the  x  (horizontal)  axis  (IRMC  Measuring 
Results  of  Organizational  Performance  Course). 

Occam's Razor, entia praeter necessitatem non sunt multiplicanda (Principles are not to be
multiplied beyond the necessary). (C. G. Jung, The Structure and Dynamics of the Psyche,
CW8, Pantheon Books, New York, 1960, p. 186.)
Cost As an Independent Variable (CAIV)— see Earned Value Management

An acquisition reform-type initiative to change the emphasis in program
management.  Program  managers  generally  juggle  cost,  schedule,  and  performance 
(including  operability  which  some  break  out  as  a  fourth  factor).  In  the  past,  program 
managers  tended  to  keep  performance  relatively  constant  and  vary  cost  and  schedule  in 
response  to  overruns  and  schedule  slippages.  CAIV  is  an  attempt  to  keep  cost  constant 
and shift changes to requirements and/or schedule in response to constant and/or
declining  Department  of  Defense  budgets. 

Rigsbee's  Rule:  The  threat  shrinks  to  match  the  dollars.  (CAPT  Clifford  Rigsbee  USN 
PMA264, NAVAIRSYSCOM, May 28, 1996.)

Cost-Benefit  Analysis  (or  Benefit-Cost  Analysis) 

A  model  of  evaluation  which  determines  whether  the  financial  benefits  resulting  from 
an intervention exceed the dollar investment made in the intervention (IRMC Measuring
Results of Organizational Performance Course). It is a simple form of decision theory
based on the Laplace method. It can serve as an initial hurdle in a successive hurdles
evaluation  of  prospective  investments.  While  money  is  generally  used,  utility  theory 
could  also  be  applied.  Cost-benefit  analysis  is  an  approach  to  measure  the  cost 
effectiveness  (i.e.,  efficiency)  of  proposed  solutions. 

Cost Analysis Strategy Assessment: http://www.dsmc.dsm.mil/con_main.htm
http://www.logsa.army.mil/air/rrmn/

A pessimist is someone who complains about the noise when opportunity knocks.
(Michael Levine, "Winning Words of Wisdom," Bottom Line Personal, 1996, Vol 17 No 10,
p. 12.)

Council  of  Europe  Convention — see  European  Union  "basic  principles  ..." 

Governs  any  information  relating  to  an  identified  or  identifiable  individual;  applies  to 
public  and  private  sectors;  parties  may  refuse  to  share  information  with  others  whose 
laws do not provide equivalent protection. http://www2.echo.lu/legal/en/dataprot/counceur/conv.html
(IRMC Assuring the Information Infrastructure Course).

Satyagraha — the  willingness  to  endure  great  personal  suffering  in  order  to  do  what's 
right . . .  what  matters  is  that  you  do  not  hide  from  the  consequences.  You  bear  what  must 
be  borne.  (Orson  Scott  Card,  Shadow  of  the  Hegemon,  Tom  Doherty  Associates  New  York 
2000,  p.  322.) 

Crackers 

Crackers are malicious hackers who break into others' systems to cause harm or for
illegal  purposes.  These  include  cyber  terrorists  (terrorists  operating  through  the  Internet), 
cyber  extortionists  (who  blackmail  financial  organizations),  and  practitioners  of 
information  warfare. 

The adage "Do unto others as you would have others do unto you" may be the source
of  a  lot  of  anguish  and  misunderstanding  if  the  doer  and  the  done  unto  have  different 
styles. (Deborah Tannen, That's Not What I Meant, William Morrow & Co., New York, 1986,
p. 40.)

Crawlers 

Applications  used  to  automatically  scan  unstructured  data  in  a  preselected  media 
(Web  sites,  etc.),  and  map  the  data  to  a  predefined  taxonomy  to  give  the  data  "meaning" 
in  its  context.  The  taxonomy  then  gives  this  unstructured  data  a  "knowledge  value"  based 
on  the  preset  classification  in  the  taxonomy  development.  A  crawler  automatically 
indexes  and  identifies  additional  key  concepts  that  can  be  searched  by  the  knowledge 
worker  (U.S.  Army). 

It usually takes me more than three weeks to prepare a good impromptu speech. (Mark
Twain, in 3,500 Good Quotes for Speakers, Gerald F. Lieberman, Ed., Doubleday, Garden City,
NY, 1983, p. 24.)

Creative  Abrasion 

When  a  group  of  diverse  individuals  addresses  a  common  challenge,  each  skilled 
person  frames  both  the  problem  and  its  solution  by  applying  mental  schemata  and  patterns 
he  or  she  understands  best.  The  result  is  a  cacophony  of  perspectives.  In  a  well-managed 
development  process,  these  varying  perspectives  foster  creative  abrasion,  intellectual 
conflict  between  diverse  viewpoints,  producing  energy  that  is  channeled  into  new  ideas  and 
products. The creation of such intellectual ferment is important to innovation for a number
of  reasons.  First,  the  more  options  offered  (up  to  a  point,  of  course),  the  more  likely  that  a 
frame-breaking  perspective  will  be  available  for  selection.  A  certain  "requisite  variety"  is 
desirable for innovation. Moreover, experimental research has demonstrated that a
minority  opinion  offered  during  group  decision  making  stimulates  more  innovative 
solutions  to  problems— even  if  the  ultimate  selection  was  not  one  specifically  proposed 
from  a  minority  viewpoint.  Apparently,  just  hearing  a  very  different  perspective  challenges 
the  mindset  of  those  in  the  majority  sufficiently  that  they  will  search  beyond  what  initially 
appears  to  be  an  obvious  solution.  This  may  be  one  reason  that  intellectually  heterogeneous 
groups  are  more  innovative  than  homogeneous  ones.  As  a  recent  review  of  different  types 
of  group  diversity  concludes:  "The  diversity  of  information  [that]  functionally  dissimilar 
individuals bring to the group improves performance in terms of creativity."

For abrasion to be creative, it must be impersonal. After a review of relevant research,
Lisa Hope Pelled suggests that group diversity based upon highly visible differences
(gender,  race,  age)  leads  to  more  emotion-based  disagreements,  while  more  subtle  forms  of 
diversity  (educational  background,  personality)  are  more  likely  to  lead  to  intellectual 
disagreements. This model suggests that the more that diversity in tacit knowledge is
sought  from  individuals  selected  because  of  readily  observable  differences,  the  more 
difficult  it  becomes  to  ensure  that  the  tacit  knowledge  is  heard,  is  valued,  and  is  targeted 
towards the innovation. (Dorothy Leonard and Sylvia Sensiper, "The Role of Tacit
Knowledge in Group Innovation," California Management Review, Berkeley, CA, Spring 1998,
Vol. 40, Issue 3, pp. 112-132.)

Good-to-great  management  teams  consist  of  people  who  debate  vigorously  in  search  of 
the  best  answers,  yet  who  unify  behind  decisions,  regardless  of  parochial  interests.  (Jim 
Collins,  Good  to  Great,  Harper  Business,  New  York,  2001,  p.  63.) 
Criterion-Referenced Validity— see Content-Oriented Validity

A  technique  for  assessing  the  validity  of  a  measurement  by  determining  the  statistical 
relationship  between  the  scores  produced  by  the  instrument  for  a  group  of  subjects  and 
another  set  of  scores  for  the  same  group  of  subjects  that  are  an  acceptable  indication  of  the 
factor  being  measured.  Two  techniques  are  concurrent  validity  and  predictive  validity 
(IRMC  Measuring  Results  of  Organizational  Performance  Course). 

In every work of genius we recognize our rejected thoughts. (Ralph Waldo Emerson,
Leo Rosten's Carnival of Wit, E. P. Dutton & Co., New York, 1994, p. 194.)

Critical  Asset  Assurance  Program  (CAAP)— see  Critical  Infrastructure  Protection  and 
Defense-Wide  Information  Assurance  Program 

Identifies critical assets (physical and information) by sector, military plan/op, site,
installation, or unit; provides business case for asset assurance investments; reconciles
component  and  sector  assurance  activities;  coordinates  engineering  standards  for  physical 
assurance  designs,  practices,  and  countermeasures;  provides  integrated  risk  management 
decision  support  environment  (The  DoD  Critical  Infrastructure  Protection  [CIP]  Plan 
[FOUO]  of  11/18/98,  p.  23.  See  DoDD  5160.54  Critical  Asset  Assurance  Program  [CAAP] 
January 20, 1998) (IRMC Assuring the Information Infrastructure Course).

After  Jones  joined  the  Army,  he  was  assigned  to  the  induction  center,  where  he  advised 
new  recruits  about  their  government  benefits.  One  of  these  was  the  availability  of 
government  GI  insurance.  It  wasn't  long  before  his  Captain  noticed  that  Jones  had  an  almost 
perfect  record  for  insurance  sales.  So  one  day  the  Captain  decided  to  attend  the  induction 
lecture  and  listen  to  Jones's  sales  pitch.  Jones  explained  the  basics  of  the  GI  Insurance  to  the 
new recruits, and then said, "If you have GI Insurance and are killed in battle, the
government  pays  $200,000  to  your  beneficiaries.  If  you  don't  have  GI  insurance,  the 
government  has  to  pay  only  a  maximum  of  $6,000."  "Now,"  he  concluded,  "which  bunch 
do  you  think  they  are  going  to  send  into  battle  first?"  (Received  as  Internet  e-mail;  a  story— 
not  stated  as  factual.) 

Critical Infrastructure Assurance Officer (CIAO) — see Presidential Decision Directive-63

The CIAO is responsible for the protection of all of an organization's critical
infrastructures.  The  CIAO  establishes  procedures  for  vulnerability  assessments 
performed  on  computer  and  physical  systems.  The  Department  of  the  Navy  (DON)  CIAO 
was appointed by Under Secretary of the Navy Memorandum (August 26, 1999). The
DON  CIAO  chairs  the  DON  Critical  Infrastructure  Protection  Council.  A  CIO  may  also 
serve  as  CIAO  or  have  a  subordinate  perform  that  function.  The  CIAO  must  address 
organizational  critical  infrastructure  protection  (CIP). 

The  CIAO  Council  will  provide  executive  oversight  for  the  implementation  of  the 
DoD  CIP  and  advice  to  the  Assistant  Secretary  of  Defense  for  Command,  Control, 
Communications,  and  Intelligence  regarding  responsibilities  as  CIAO,  CIO,  and  CIP 
Functional Coordinator for National Defense (The DoD [CIP] Plan of November 18, 1998,
pp.  16-17)  (IRMC  Assuring  the  Information  Infrastructure  Course).  CIAO  guidance 
includes  10  related  tasks:  vulnerability  analysis,  remedial  plan,  warning,  response, 
reconstitution,  education  and  awareness,  R&D,  intelligence,  international  cooperation, 
and  legislation  and  budget  (IRMC  Advanced  Software  Acquisition  Management  Course). 
Morris the loudmouth mechanic was removing the cylinder heads from the motor of a
car  when  he  spotted  the  famous  heart  surgeon  Dr.  Michael  DeBakey,  who  was  standing  off 
to  the  side,  waiting  for  the  service  manager  to  come  take  a  look  at  his  Mercedes.  Morris 
shouted across the garage, "Hey DeBakey! Is dat you? Come on ova here a minute." The
famous  surgeon,  a  bit  surprised,  walked  over  to  where  Morris  the  mechanic  was  working 
on the car. Morris straightened up, wiped his hands on a rag and asked argumentatively,
"So Mr. Fancy Doctor, look at dis here work. I also open hearts, take valves out, grind 'em,
put in new parts, and when I finish dis baby will purr like a kitten. So how come you get da
big  bucks,  when  you  an'  me  is  doing  basically  da  same  work?"  Dr.  DeBakey  leaned  over 
and  whispered  to  Morris  the  loudmouth  mechanic.  "Try  doing  it  with  the  engine  running." 
(Received  via  Internet  e-mail.  Most  likely  an  apocryphal  story  or  Urban  Legend.  Not  found 
on  various  Urban  Legend  sites,  however.) 

Critical  Infrastructure  Protection  (CIP)— cf.  Critical  Asset  Assurance  and  Defense-Wide 
Information  Assurance  Programs 

CIP  is  the  function  or  discipline  to  protect  critical  assets  and  systems  essential  to 
operate  the  enterprise.  The  term  infrastructure  includes  systems  and  assets  that  enable  the 
Department  of  the  Navy  (DON)  to  accomplish  its  war  fighting  mission  and  core  business 
processes.  DON  CIP  leverages  efforts  of  the  Department  of  Defense  critical  infrastructure 
protection  implementation  staff  and  of  individual  organizations  through  integrated 
physical  and  cyber  and  on-  or  off-base  infrastructure  protection  strategies.  CIP  efforts 
normally  include  a  disaster  recovery  plan  and  continuity  of  operations  plan  (COOP),  cf. 
Federal  Preparedness  Circular  FPC  65,  Federal  Emergency  Management  Agency  (FEMA), 
July 26, 1999. "CIP determines interrelationships among assets (both physical and
information) within sectors and among sectors" (The DoD Critical Infrastructure
Protection [CIP] Plan [FOUO] of November 18, 1998, p. 23; "Critical Foundations"
summary report accompanying the President's Commission on Critical Infrastructure
Protection [PCCIP], October 1997, "Cybernation: The American Infrastructure in the
Information Age— A Technical Primer on Risks and Reliability," Executive Office of the
President, Office of Science and Technology Policy, Washington, DC, April 1997
http://www.whitehouse.gov/news/releases/2001/10/20011016-12.html). Executive
Order  13010,  Critical  Infrastructure  Protection,  designates  critical  infrastructures  as: 
telecommunications;  electric  power;  gas  and  oil,  storage  and  transportation;  banking  and 
finance;  transportation;  water  supply;  emergency  services;  and  government  services.  See 
"CIP:  Fundamental  Improvements  Needed  to  Assure  Security  of  Federal  Operations" 
(statement  of  Jack  L.  Brock,  Jr.,  before  the  Subcommittee  on  Technology,  Terrorism,  and 
Government  Information,  Committee  of  the  Judiciary,  U.S.  Senate,  October  6, 1999, 
GAO/T-AIMD-00-7,  GAO  1999),  and  "Legal  Eoxmdations:  Studies  and  Conclusions," 
{Report  to  the  President's  Commission  on  Critical  Infrastructure  Protection,  1997;  also  see 
hoaxes  on  the  Electronic  Pearl  Harbor  debate  (IRMC  Assuring  the  Information 
Infrastructure  Course). 


http://www.info-sec.com http://www.infowar.com.

For of all sad words of tongue or pen, the saddest are these; "It might have been!" (John
Greenleaf Whittier, Maud Muller, 1856, stanza 53.)

Critical Infrastructure Protection Council (CIPC)

The  Department  of  the  Navy  (DON)  Critical  Infrastructure  Protection  Council  was 
created  by  Under  Secretary  of  the  Navy  Memorandum  of  August  26, 1999.  The  council 
determines  the  necessary  efforts  to  institute  critical  infrastructure  protection  throughout 
the  DON,  contributes  subject  matter  experts  to  support  Office  of  the  Secretary  of  Defense 
sector  critical  infrastructure  assurance  officers,  identifies  resource  sponsors  and  asset 
owners  responsible  for  DON  critical  infrastructures,  and  recommends  resource  actions  to 
support implementation (Glossary of IM/IT & KM Terms). See The DoD Critical
Infrastructure  Protection  (CIP)  Plan  (November  18, 1998,  p.  23)  (IRMC  Assuring  the 
Information  Infrastructure  Course). 

The unexamined life is not worth living. (Socrates, Leo Rosten's Carnival of Wit, E. P.
Dutton & Co., New York, 1994, p. 283.)

Cross-Tabulation 

A statistical technique that displays the number or percentage of cases that appears in
each  row,  column,  and  cell  of  a  two-dimensional  table  (IRMC  Measuring  Results  of 
Organizational  Performance  Course). 

Why  do  we  do  what  we  do  and  why  do  it  the  way  we  do?  Why  ignore  what  is  in  favor 
of  what  should  be?  (Eliminate  assumptions  in  Present  Processes.  Reinvention  Versus 
Improvement.) (Michael Hammer and James Champy, Reengineering the Corporation, Harper
Business, New York, 1993, p. 32.)

Cryptanalysis 

The  science  of  analyzing  and  breaking  secure  communications.  It  includes  analytical 
reasoning,  mathematical  tools,  pattern  recognition,  patience,  determination,  and  lots  of 
luck!  Cryptanalysts  are  sometimes  called  attackers.  Cryptology  includes  both 
cryptography  and  cryptanalysis  (IRMC  Managing  Networked  Security  in  a  Networked 
Environment  Course). 

BBR:  Burn  Before  Reading. 

Cryptography  cf.  Public  Key  Encryption  and  Encryption 

The art of protecting information by transforming (encrypting) it into an unreadable
format, called cipher text. Only those who possess a secret key can decipher (or decrypt)
the message into plain text. Encrypted messages can sometimes be broken by
cryptanalysis (also called code breaking). Presently, the state-of-the-art technique is public
key infrastructure (PKI). Secure sockets layer (SSL) is used in business-to-customer
transactions to protect user information. Cryptography is used to protect e-mail messages,
credit card information, and corporate data. Formerly, it was used to protect military
communications and intelligence especially during wartime. American success at
cryptanalysis during World War II led to victories over adversaries. The U.S. Marine
Corps' Navaho code talkers utilized an unusual and virtually unbreakable method to
protect U.S. communications during that war. The Captain Midnight decoder ring
provided children with an early demonstration of cryptography. Parents also use pig
Latin as a form of encoding to pass messages undecipherable by small children. However,
the art goes back at least to Julius Caesar, who used a letter transposition cipher to protect
messages sent on the battlefield.

If  you  cannot — in  the  long  run — tell  everyone  what  you  have  been  doing — your  doing 
has  been  worthless.  (George  MacDonald,  Phantastes  and  Lilith,  Eerdman's  Publishing,  Grand 
Rapids,  MI,  1964,  p.  11.) 

Cryptology 

The  art  and  science  of  encrypting/decrypting  data  (cryptography)  and  breaking 
encryptions  (cryptanalysis).  See  encryption  (IRMC  Managing  Networked  Security  in  a 
Networked  Environment  Course). 

My  work  is  so  secret.  I’m  not  allowed  to  know  what  I'm  doing.  (A  sign  on  Jim  Howard's 
desk  at  the  Naval  Air  Development  Center  [NADC],  Warminster,  PA,  1975.) 

Culture 

The  interrelated  set  of  features  characteristic  of  a  specific  group  of  people.  Culture  is 
one  of  the  definitive  factors  or  threads  holding  a  group  together  and  allowing 
communications and understanding through a shared set of contexts (e.g., language,
perspectives, values, routines, beliefs, rituals, social forms, ways of acting or being, etc.). A
group's culture is the human part of its collective environment. It affects members'
patterns of behavior (consciously and unconsciously).

It is only the few who clearly express the spirit of the present in any age. (C. G. Jung,
Civilization in Transition, CW10, Princeton University Press, Princeton, NJ, 1964, p. 115.)

Customer  Relationship  Management  (CRM) 

Now  considered  part  of  collaborative  commerce,  CRM  is  a  set  of  processes  through 
which  an  enterprise  seeks  to  better  serve  its  customers  (and  increase  sales  and 
profitability)  through  tailoring  its  activities  to  perceived  customer  preferences.  Thus,  an 
organization such as Amazon.com collects information on customer background and
activities  in  order  to  predict  what  books  or  other  sellable  items  the  company  might  offer 
to  that  particular  customer.  Some  people  object  to  the  collection  of  such  information  on 
the  basis  of  privacy  concerns.  This  is  especially  relevant  when  companies  sell  such 
information  without  permission  of  the  individual  involved.  Thus,  today,  many  companies 
that  sell  directly  to  the  public,  for  instance,  provide  statements  on  Web  sites  and  hard 
copy  literature  assuring  customers  that  they  will  not  sell  (or  share)  such  personal 
information.  Other  companies  enquire  if  the  customer  would  allow  or  object  to 
distribution  of  information.  Of  course,  the  best  information  may  be  completely  within  the 
company's  control  (e.g.,  the  nature  of  prior  sales  to  a  particular  customer).  Nevertheless, 
this  information  may  be  limited  and  not  statistically  relevant.  Many  companies  ask  their 
customers  to  fill  out  questionnaires  to  enlighten  them  about  the  nature  and  intentions  of 
the  customers.  Some  offer  rewards  (e.g.,  entry  in  a  sweepstakes)  for  participating  in  the 
survey.  Car  rental  companies  establish  customer  profiles  and  even  default  conditions 
such  that  their  computer  can  automatically  assign  a  type  of  vehicle  when  a  reservation  is 
made. The customer would only need to identify deviations from the norm. CRM works
best for both customer and seller when a long-term relationship is established. It is not
desirable,  however,  for  those  persons  seeking  to  maintain  anonymity.  It  is  likely  that 
individual  reactions  to  CRM  are  highly  correlated  with  the  Myers-Briggs  Type  Indicator 
(MBTI)  personal  preferences  of  those  individuals. 

From Gary Hacker's HR Metrics News consolidated from Issues 1-5 (OPM):

Using Measures To Connect Strategy With Customers by Robin Lawton:
http://www.imtc3.com/measures2.html 6/02. "Whether we're talking about the mass of
a  star,  academic  aptitude,  pollution,  organizational  success  or  customer  satisfaction,  our 
evolution  in  understanding  a  topic  is  marked  by  our  ability  to  measure  it." 

Dwelling in a concept can be understood as a dramatic shift of perspectives: You
change from looking at to "looking with" the concept ... If they commit themselves to
"looking with the customer at his problems" rather than to the pleasantly aloof "looking at
the customer with his problems," they start to see the world through a new lens. (Georg von
Krogh, "Care in Knowledge Creation," California Management Review, Berkeley, CA, Spring
1998, Vol. 40, Issue 3, pp. 133-153. See M. Polanyi and H. Prosch, Meaning, University of
Chicago Press, Chicago, 1975.)

Customer  Satisfaction 

A  measurement  or  indicator  of  the  degree  to  which  customers  or  users  of  an 
organization's products or services are pleased with those products or services, typically
measured  by  an  attitude  questionnaire  (IRMC  Measuring  Results  of  Organizational 
Performance  Course).  Most  measures  (e.g.,  surveys  or  questionnaires)  actually  measure 
customer  perceptions  that  may  or  may  not  match  reality.  Nevertheless,  the  customer's 
reality  is  what  counts.  Sometimes  this  feedback  results  in  better  communications  with 
customers  and  better  public  relations  rather  than  changes  in  internal  processes  or  how 
one  does  business  from  a  closed  system  perspective.  In  other  words,  changing  an 
outcome  does  not  always  entail  changing  an  output.  Customer  satisfaction  =  performance 
A  expectations. 

The vast majority of people are quite incapable of putting themselves individually into
the mind of another ... The most we can do, and the best, is to have at least some inkling of
his otherness, to respect it, and to guard against the outrageous stupidity of wishing to
interpret it. (C. G. Jung, Two Essays on Analytical Psychology, CW7, Princeton University
Press, Princeton, NJ, 1966, pp. 220-221.)


CXOs

This  is  a  generic  term  used  to  refer  simultaneously  to  members  of  the  set  of  executives 
having  similar  acronyms  that  only  vary  in  the  middle  of  three  characters  surrounded  by 
"C"  and  "O."  Thus,  it  includes:  CEOs  (chief  executive  officers),  CFOs  (chief  financial 
officers),  CIOs  (chief  information  officers),  CKOs  (chief  knowledge  officers),  CLOs  (chief 
learning officers), COOs (chief operating officers), CPOs (chief planning officers), etc. It
does  not  include  chief  petty  officers  or  (usually)  chief  privacy  officers. 

From Gary Hacker's HR Metrics News consolidated from Issues 1-5 (OPM):

How CEOs Find Often-Elusive Answers to the Measurements that Matter by Candace
Walters: http://www.hrworks-inc.com/art-nov242000.html 4/02. "Where do CEOs go to
learn the most vital insights about running their companies?"

What the CEO Thinks You Know by Kevin Wheeler:
http://www.glresources.com/columns/What CEO Thinks.htm 5/02. "There is a
common  language  used  by  top-level  managers  in  every  company,  and  these  managers 
assume  you  can  speak  that  language.  It  is  a  language  centered  on  business  concepts  and  a 
handful  of  assumptions  they  make  daily." 

The Executive exists to make sensible exceptions to general rules. (Elting E. Morison)


Cybercash 

A  method  for  making  electronic  purchases  using  the  cybercash  organization.  To  use 
cybercash,  a  customer  chooses  the  item  being  purchased,  the  merchant  sends  an  electronic 
invoice  to  the  purchaser,  customer  okays  the  invoice,  a  MIME  message  opens  the 
customer's  wallet  and  sends  encrypted  credit  card  information  to  the  merchant,  merchant 
signs  (enters  an  identification  number)  and  sends  to  the  cybercash  server,  cybercash 
verifies  the  signatures  and  sends  the  credit  card  information  to  the  merchant's  bank,  the 
merchant's  bank  sends  it  to  the  customer's  bank  or  clearance  center,  cybercash  sends  an 
elex  receipt  with  credit  card  information,  and  a  confirmation  is  sent  to  the  customer. 

Money  speaks  sense  in  a  language  all  nations  understand.  (Mrs.  Aphra  Behn,  1640- 
1689,  The  Rover,  Part  11,  Act  1,  from  The  Oxford  Dictionary  of  Quotations,  Oxford  University 
Press,  New  York,  1980,  p.  38,  No.  18.) 

Cyberlaw, Cyber Attack, and Computer Crime—see Anti-Terrorism Act, Cable
Communications Policy Act, Communications Assistance to Law Enforcement Act,
Computer Fraud and Abuse Act, Computer Fraud and Hacking Act, Electronic
Communications Privacy Act, Foreign Intelligence Surveillance Act, information warfare,
Video Privacy Protection Act, Health Insurance Portability and Accountability Act,
Privacy Act, and Wiretap Statute

See Mark Rasch's "Criminal Law and the Internet" (The Internet and Business, A
Lawyer's Guide to the Emerging Legal Issues, Joseph Ruh, Ed., The Computer Law
Association, 1996 http://cla.org/RuhBook/chp11.htm) and Ethan Katsch's "Cybertime,
Cyberspace and Cyberlaw" (Journal of Online Law, College of William and Mary, Wythe
School of Law, 1995). A Cable News Network interactive survey (on January 19, 1999)
asked, "What should be the proper response to a cyber attack?" and received the following
results: retaliate in kind, 82 percent (6,334 votes); report to authorities, 15 percent (1,153
votes); and ignore, 3 percent (259 votes). The magnitude of the threat: 80-100 DoD
intrusions/day; 67 percent success rate with only 4 percent detected; more than 3,700
incidents were handled by the Computer Emergency Response Team in 1998, a 65 percent
increase since 1996; more than 120 countries have computer attack capabilities; one-third
of all international terrorist incidents are aimed at the United States; more than 50 natural
disasters occur in the United States annually; 300 percent increase in FBI WMD criminal
cases since 1996; 60 percent of companies have experienced financial losses due to cyber
crime (IRMC Assuring the Information Infrastructure Course). See
http://www.pbs.org/wgbh/pages/frontline/shows/hackers/interviews/christy.html and
http://www.cybercrime.gov/ (IRMC Developing Enterprise Security Strategies,
Guidelines, and Policies Course),
http://www.oit.umass.edu/publications/at oit/Archive/fall00/katsch&rifkin-mediate.html.

Knowledge  is  difficult  to  measure  because  it  is  not  scarce  in  the  traditional  sense.  The 
defining  quality  of  information-intensive  environments  is  an  abundance,  and  not  a  scarcity, 
of  information.  However,  as  the  noted  psychologist  and  economist  Herbert  Simon  has 
suggested,  "What  information  consumes  is  rather  obvious;  it  consumes  the  attention  of  its 
recipients.  Hence  a  wealth  of  information  creates  a  poverty  of  attention,  and  a  need  to 
allocate  that  attention  efficiently  among  the  overabundance  of  information  sources  that 
might  consume  it."  If — in  the  information  age — information  and  knowledge  are  not  scarce 
but  abundant,  and  if  it  is  the  attention  of  the  information-processor  that  is  the  real  scarce 
resource,  then  in  measuring  the  knower,  we  are  valuing  a  scarce  resource  after  all.  (Rashi 
Glazer, "Measuring the Knower: Towards a Theory of Knowledge Equity," California
Management Review, Berkeley, CA, Spring 1998, Vol. 40, Issue 3, pp. 175-194.)

CyberProtect (CyberProtect exercise: https://iase.disa.mil/ to get CDs from Defense
Information Systems Agency) iase@ncr.disa.mil

This  is  a  simulation  of  a  LAN  system  aimed  at  developing  the  user's  ability  and 
understanding  of  the  interactions  and  effects  of  information  security  techniques  and 
devices  versus  possible  attacks  upon  the  system.  Users  have  four  rounds  (quarters  of  the 
year)  in  which  they  take  a  given  budget  and  purchase  a  number  of  possible  protective 
efforts  (at  varying  capability  levels  and  prices).  Then  several  random  attacks  are 
conducted  against  the  student's  designed  system  and  results  are  displayed  with  a  score. 
The  simulation  is  continued  through  all  four  quarters  to  complete  the  year  with  a 
resulting  overall  score.  Those  scoring  90  percent  or  higher  are  eligible  to  receive  a 
certificate  of  completion.  The  program  is  available  from  the  Defense  Information  Systems 
Agency  on  a  CD  and  is  used  in  the  IRMC  Managing  Networked  Security  in  a  Networked 
Environment  Course. 

When  in  doubt,  estimate;  in  an  emergency,  guess.  But  be  sure  to  go  back  and  clean  up 
the mess when the real numbers come along. (David Akin, professor, University of
Maryland, "Akin's Laws of Spacecraft Design" [received via Internet e-mail] and confirmed
by Dr. Akin dakin@umd.edu or DAKIN@SSL.UMD.EDU). See
http://spacecraft.ssl.umd.edu/academics/akins laws.html

Cyberspace 

The domain of the Internet and World Wide Web. Cyberspace maps:
http://www.cybergeography.com/atlas/atlas.html.


The  propagandists  of  cyberspace  have  a  tendency  to  speak  in  terms  of  discontinuity. 
The  new,  they  always  insist,  will  simply  sweep  away  the  old,  so  they  confidently  predict 
that hypertext will replace the book. (Here they might do well to pay attention to The New
York Times' confident prediction in the 1930s that the typewriter would replace the pencil.
The pencil seems to have won that particular struggle.) Or, as in the issue at stake here, the
prediction is that communications technology will sweep away the firm. (John Seely Brown
and Paul Duguid, "Organizing Knowledge," California Management Review, Berkeley, CA,
Spring 1998, Vol. 40, Issue 3, pp. 90-111.)

Cybrarian 

A librarian for electronic (including multimedia) materials. A cybrarian utilizes and
shares  information  literacy  skills  to  enable  users  to  locate  and  access  knowledge, 
information  and  data,  both  internal  and  external  to  the  organization.  A  prime  tool  for 
cybrarians  or  individuals  performing  such  functions  (possibly  temporarily  or  for  their 
own  use  only)  is  the  Department  of  the  Navy  Chief  Information  Officer's  Information 
Literacy  Toolkit  CD. 

What's  the  long  pole  in  the  tentative?  (Neal  Pollock,  April  12, 2000.) 

Note:  below  is  a  small  and  partial  list  of  resources  available  on  the  Web.  No 
endorsement  or  criticism  is  extended  either  by  inclusion  or  noninclusion  of  sites.  It  is 
simply  a  sample. 

General  Search  Tools 

http://www.yahoo.com/ has own search.com/search; http://www.yellowpages.com
http://www.yellowpages.msn.com
http://www.google.com/
Alta Vista search engine: http://www.altavista.digital.com/.

Finding  People/Places 

Find people: http://www.whowhere.lycos.com/Phone
Find people: http://www.lycos.com/peoplefind/
Zip Code search: http://www.usps.gov/nese/
http://www.yahoo.com/search/people/email.html
Old high school classmates: http://www.classmates.com
Search by name or e-mail address: http://people.yahoo.com/
White Pages Search (USA): http://www.555-1212.com to look up phone numbers
Reverse lookup: http://www.555-1212.com/whte us.htm.

Finding  Information 

Weather: http://www.msnbc.com/news/WEA Front.asp
English-language newspapers/magazines around the world: http://www.ecola.com/.
Libraries, news, encyclopedias, atlases, maps and more:
http://www.libraryspot.com/
>629 dictionaries and glossaries: http://www.onelook.com
Dictionaries: English, computing, rhyming, pronunciation and word translation
into foreign languages: http://www.itools.com/research-it/research-it.html
Access all info/log on to online accounts w/single p/w:
http://www.accountminder.com.

Government

Locating government and business information: http://www.fedworld.gov/
Government Officials Online: http://www.whowhere.lycos.com/GovtPages
Info/links to all state governments and related resources: http://www.50states.com/
National Defense University Library: http://www.ndu.edu/library/library.html
DTIC documents; Science and Technology (S&T): http://www.dtic.mil/.

Medical 

Doctors of medicine/osteopathy: http://www.ama-assn.org/aps/amahv.htm
Information on medical conditions/procedures: http://www.AnswerMeds.com
Plain-talk descriptions, searchable by surgery name or medical condition:
http://answermed.com/
Quality ratings on hospitals/physicians/health plans/nursing homes/home health
agencies/hospice programs: http://www.healthgrades.com
Internet Drug Index easily searchable: http://www.rxlist.com
Signs and Symptoms: Search engine to research your symptoms:
http://www.ibionet.com.

Travel 

Airport Information about ground transportation, shops, services, hotels and terminal
maps: http://www.quickaid.com/
Traffic and road construction reports: http://www.trafficstation.com
DoD Bus Service: http://www.dtic.mil/ref/busservice.html
Getting Through Customs: What to avoid wearing, saying, or doing to prevent
offending or confusing people when traveling abroad:
http://www.getcustoms.com/omnibus.html
ATM Finder for VISA:
http://visaatm.infonow.net/bin/findNow?ONF=I&CLIENT ID=VISA USA&LOCATOR=VISA USA&TYPE=PERSONAL
ATM Finder for MasterCard:
http://www.mastercard.com/cardholder.services/atm/
Driving Directions: http://www.mapquest.com/
Washington Metropolitan Area Transit Authority (WMATA) (Metrobus/Metrorail
service): http://www.washingtonpost.com/wp-srv/local/longterm/metro/front.htm
State Department warnings: http://travel.state.gov/travel warnings.html
Foreign travel briefs: http://iweb.spawar.navy.mil/services/security/docs/FP-ATBriefings.htm
Center for Disease Control — world diseases for travelers:
http://www.cdc.gov/travel/index.htm#Geographic
State Department W/Form DSP-11 and info on Passports/Visa's:
http://travel.state.gov/passport services.html
No-fee Passport application: http://web1.whs.osd.mil/forms/DD1056.PDF
U.S. Health Service advisories around the world:
http://www.cdc.gov/travel/index.htm#Geographic
Latest per diem rates: http://www.dtic.mil/cgi-bin/cpdrates.pl
http://www.dtic.mil/perdiem/trvlregs.html
World Weather: http://www.usatoday.com/weather/basemaps/wworld1.htm.

Finding  Items 

Whole Internet catalog: http://www.pimall.com/nais/bk.w-incat.html
http://archive.ncsa.uiuc.edu/SDG/Software/Mosaic/MetaIndex.html.

Books 

Book Finder Service: http://www.bookfinder.com/
Out-of-Print Books: search@harvestbooks.com
Book Search: http://www.addall.com
Amazon: http://www.any-book.com/
Borders: http://www.borders.com
Amazon.com!: http://www.amazon.com/exec/obidos/stores/usanetm.

Other  Products/ Services 

http://search.cnet.com/Single/0,7,15Q422,00.html
http://www.worldpages.com
http://www.switchboard.com
http://www.bigbook.com
Guide to investing resources on the Web: http://www.cyberinvest.com
Savings bond redemption values: current value of any saving(s) bond issued from
May 1941 to present: http://app.ny.frb.org/sbr
Theater/music/art events nationwide and tickets to events in hundreds of cities:
http://www.culturefinder.com
Movie review search engine: http://entertainment.msn.com/movies/reportcard/
Consumer insurance guide: http://www.insure.com
Reviews of top-rated products: http://www.consumersearch.com
AAA shopping connection: http://www.aaamidatlantic.com.

C4ISR Integration Support Activity (CISA)

CISA prepared the Command, Control, Communications, Computers, Intelligence,
Surveillance, and Reconnaissance (C4ISR) Architecture Framework (CISA-0000-100-96, June
1996). This is the Department of Defense IT architecture (ITA) per the Clinger-Cohen Act
and Office of Management and Budget Memo M-97-16
http://www.whitehouse.gov/omb/memoranda/m97-16.html.

The wise man hears one word — and understands two. (Jewish saying, Leo Rosten's
Carnival of Wit, E. P. Dutton & Co., New York, 1994, p. 505.)

Data

1) A representation of facts, concepts, or instructions in a formalized manner suitable
for communication, interpretation, or processing by humans or by automatic means (FIPS
Pub 11-3). Software has two general categories: data and programs. Programs are
collections of instructions for manipulating data. Data are inputs which, when processed
and arranged (clustered/clumped) by people, become information. Thus, data is a low
level of abstraction type of content whereas programs are a form of processing. To a
computer, data is a series of 1's and 0's. Assembler and Compiler programs translate this
data into information usable by the computer.

2)  Data  also  refers  to  documents  deliverable  by  a  company  under  contract.  This  type 
of  data  is  described  in  a  Contract  Data  Requirements  List  (CDRL)  that  is  normally  part  of 
a  specific  contract.  Data  Item  Descriptions  (DIDs)  are  generic  descriptions  of  deliverable 
data  items. 

We  are  in  a  civilization  which  suffers  from  too  much  superficial  verbosity  and 
thoughtless  wordiness.  (Mary-Louise  von  Franz,  Individuation  in  Fairytales,  Spring 
Publications,  Dallas,  TX,  1982,  p.  156.) 

Data  Administration — see  Data  Management  and  Integrated  Definition  for  Information 
Modeling 

According to the American National Standards Institute (ANSI) IT Dictionary, data
administration involves the performance of functions such as specifying, acquiring,
providing, and maintaining the data of an organization. This is slightly different from
their definition of data management ("functions in data processing systems that provide
access to data, perform or monitor the storage of data, and control input/output
operations"), but people often equate data administration and management. Data
administration includes developing policies/procedures, strategic planning/resource
management, enterprise architecture, standards, repositories (metadata), reusable
software modules, distribution, warehouse management, quality/security for data.
Functionaries include: the Department of Defense (DoD) data administrator, functional
data administrators, and component data administrators. The DoD data architecture
includes the DoD data model (DDM) (IRMC Advanced Information System Acquisition
Course) http://www.c3i.osd.mil/bpr/bprcd/484b.htm.

Confucius came upon a woman who was weeping bitterly by a grave. The Master
pressed forward and drove quickly to her; then he sent Tze-lu to question her. "Your
wailing," said he, "is that of one who has suffered sorrow on sorrow." She replied, "That is
so. Once my husband's father was killed here by a tiger. My husband was also killed, and
now my son has died in the same way." The Master said, "Why do you not leave this
place?" The answer was, "There is no oppressive government here." The Master then said,
"Remember this, my children: oppressive government is more terrible than tigers."
(Confucius, The Wisdom of Confucius, Peter Pauper Press, Mt. Vernon, NY, 1963, p. 38.)

DataBase (DB)

A  collection  of  interrelated  data,  often  with  controlled  redundancy,  organized 
according  to  a  schema  to  serve  one  or  more  applications;  the  data  are  stored  for  use  by 
different  programs  or  applications.  There  are  various  types  of  databases  depending  upon 
the schema used to arrange the data. The primary types include: hierarchical (in a table of
contents type rigid hierarchy), relational (including multiple relations between entries,
similar in appearance to Microsoft Excel flat files that can be arranged and re-arranged by
selection of appropriate columns or pivoted to attach related tables to one another), object
oriented (in which a particular principle has all relevant data attached directly to it — a
clustering relationship for example), and object relational (placing object-oriented entries
into a relational arrangement).

File-based  (flat  files)  are  merely  collections  of  files  accessed  by  application  programs 
with  separate  and  isolated  (unshared)  data.  They  are  subject  to  data  duplication  and 
inconsistency,  application  dependencies,  incompatibilities,  etc.  Network  databases 
support  relationships  among  the  data  through  linked  list  structure  with  subordinated 
records  linked  to  more  than  one  owner.  Relational  DBs  (RDBs)  are  very  popular,  easy  to 
use,  and  data  independent,  but  can  be  complex,  slow  to  search  and  access,  and  can  have 
redundancies.  Object-oriented  DBs  (OODBs)  include  computer-aided  design  and 
manufacturing  (CAD/CAM),  computer  integrated  manufacturing  (CIM),  computer-aided 
software engineering (CASE), geographic information systems (GIS), science and
medicine,  document  storage  and  retrieval.  They  apply  object  oriented  programming 
(OOP)  to  DBs.  They  handle  abstract  types  of  data  (multimedia)  well,  better  model  the  real 
world,  are  portable  and  reusable,  but  they  are  immature,  complex,  and  less  relevant  to 
most  business  applications.  Object-relational  DBs  (ORDBs)  combine  many  of  the 
advantages  of  OODBs  and  RDBs  and  may  replace  the  latter  (ANSI  SQL3  standard  of 
1999),  but  have  high  storage  requirements.  See  also  data  warehouse.  Often  the  term 
database  is  used  even  if  the  contents  are  actually  information  or  knowledge.  A  data 
definition  language  (DDL)  defines  what  types  of  data  will  be  recorded  in  the  DB;  a  data 
manipulation  language  (DML)  is  used  to  query  the  database,  store,  and  update  it.  See 
Thomas Bruce's Designing Quality Databases with IDEF1X Information Models, 1992, Dorset
Publishing, New York; The Business Intelligence and Data Warehousing Glossary
(http://www.sdgcomputing.com/glossary.htm); (DoD 8320.1-M, Data Administration
Procedures);  and  National  Committee  for  Information  Technology  Standards.  Databases 
are  supplied  by  Informix,  Microsoft,  Oracle,  and  Sybase.  They  can  also  be  made  Web 
accessible  per  the  Internet  Web  Show  of  1996:  "Understanding  Web  Databases"  (IRMC 
Data Management Strategies and Technologies Course),
http://ourworld.compuserve.com/homepages/Ken_North/.

History is what we choose to remember. (Rodger Kamenetz, The Jew in the Lotus, Harper
SanFrancisco, 1994, p. 251.)

DataBase  Management  System  (DBMS) 

The  software  that  is  used  to  store,  access,  and  manage  data.  Can  also  include  a  system 
that  provides  the  functionality  to  support  the  creation,  access,  maintenance,  and  control  of 
databases and that facilitates the execution of application programs using data from these
databases (the DMSO Glossary of Modeling and Simulation Terms). A DBMS may also
maintain  data  integrity  and  invoke  tools  to  interrogate  and  analyze  the  contents  of 
databases,  process  transactions,  backup  and  recover,  validate,  monitor,  and  secure 
databases  (per  National  Committee  for  Information  Technology  Standards).  DBMS 
components  include:  design  tools,  run  time,  DBMS  engine,  physical  management, 
metadata,  and  a  database.  However,  DBMSs  are  expensive  (high  overhead  costs), 
complex,  not  suitable  for  all  applications,  single  points  of  failure,  and  potential  locus  of 
security  breaches  (IRMC  Data  Management  Strategies  and  Technologies  Course). 

The  trouble  with  the  future  is  that  it  usually  arrives  before  we  are  ready  for  it.  (Arnold 
H.  Glasgow,  quoted  in  Europe  1992,  Defense  Systems  Management  College,  Ft.  Belvoir,  VA, 
September  1990,  p.  90.) 

Data  Density — see  Information  Density  and  Knowledge  Density 

The  percentage  of  a  communication  consisting  of  data  as  opposed  to  information  or 
knowledge  (or  wisdom).  Computers  have  high  data  density,  philosophers  (hopefully) 
have  high  knowledge  density.  Much  work  conversation  is  of  high  information  density. 
Much  confusion  is  caused  by  communications  of  high  information  or  data  density  and 
low  knowledge  density,  since  the  elements  necessary  for  action  are  overlooked.  They 
violate  the  rule  of  necessary  and  sufficient.  While  computers  are  generally  viewed  as 
communicating  data,  devices  such  as  object-oriented  databases  and  extensible  markup 
language  can  convert  data  into  information  and,  perhaps  even,  knowledge.  The 
distribution of these densities indicates the amount of potential understanding in the
communication. There is a parallel in the Defense Department's breakdown of research
and development (R&D) projects. Their "program elements" (codes describing and
itemizing these projects) begin with the number 6, another identifier code, and a
three-digit project code. The second digit (identifier code) refers to the type or status of the
project. Thus, 6.1 is pure research; 6.2 is exploratory development, etc. The higher the
number, the more solid (near-term) the result. Similarly, data is purer (ones and zeros or
alphabetical  letters /bytes),  but  not  actionable.  Knowledge  is  actionable — similar  to 
working models of R&D projects. Wisdom could be likened to production models where
the  design  can  be  reused  almost  indefinitely. 

Conversation, n.: A fair for the display of the minor mental commodities, each exhibitor
being too intent upon the arrangement of his own wares to observe those of his neighbor.
(Ambrose Bierce, The Devil's Dictionary, 1881-1911, from The International Thesaurus of
Quotations, Rhoda Thomas Tripp, Harper & Row, New York, 1970, p. 111, entry 185, No. 3.)

When people talk to us about others they are usually dull. When they talk to us about
themselves they are nearly always interesting. (Oscar Wilde, "The Critic as Artist,"
Intentions, 1981, from The International Thesaurus of Quotations, Rhoda Thomas Tripp, Harper
& Row, New York, 1970, p. 113, entry 185, No. 38.)

Data  Dictionary 

A  set  of  allowable  metadata  or  data  types  with  descriptions  of  each  type.  The 
Department  of  Defense  uses  the  defense  data  dictionary  system  (DDDS)  as  the  standard. 
A database of metadata. A document that defines each data entity (IRMC Data
Management Strategies and Technologies Course). A personal computer version of DDDS
is called the PC access tool (PCAT). The Defense Information Systems Agency maintains
the DDDS. These tools enable reuse of extant standard data elements and attributes. The
Secure Intelligence Data Repository (SIDR) is a classified version of the DDDS (IRMC
Advanced Information System Acquisition Course).

Walking  down  a  country  lane,  a  man  heard  his  little  granddaughter  from  the  other  side 
of  a  large  bush.  She  was  repeating  the  alphabet— A,  B,  C,  D,  E,  but  in  an  oddly  reverent  sort 
of way. He waited until she was through and then walked around to find her. "What were
you doing?" he asked. "I was praying," she answered. "I couldn't think of the right words,
so I just said the letters, and God will put them together into the words, because He knows
what I was thinking." (Robert E. Goodrich, Jr., What's It All About, Fleming H. Revell Co.,
quoted by Jacob Braude in New Treasury of Stories for Every Speaking Occasion, Prentice Hall,
Inc., Englewood Cliffs, NJ, 1961, p. 300.)

Data  Element 

Any  part  of  a  data  structure  that  is  considered  in  context  to  be  indivisible;  for  example, 
a name or date in a record, or an attribute associated with an object. In database usage, an
identifier of an entity or of an attribute. A named relationship, viewed as an elementary
unit, established between objects of the universe of discourse and words representing
them  (National  Committee  for  Information  Technology  Standards)  (IRMC  Data 
Management  Strategies  and  Technologies  Course).  See  Defense  Information  Systems 
Agency  memo  "Implementing  DoD  Standard  Data  Elements,"  April  1996  and  DoD 
8320.1-M-l  Data  Standardization  Procedures,  April  1998.  Software  Requirements 
Specification:  http:/ /www.disa.mil/coe/srs/sr.s  base /DATA ANRT.D(9C. 

Words wonderfully obstruct the human understanding. (Sir Francis Bacon, "Idols of the
Market Place," The Novum Organum.)


Data  Encryption  Standard  (DES) 

DES  was  the  encryption  standard  in  the  government  (National  Institute  of  Standards 
and  Technology,  NIST)  until  computers  advanced  enough  so  that  DES  was  insufficient  in 
strength  to  protect  ciphertext.  It  was  originally  issued  as  Federal  Information  Processing 
Standard  (FIPS)  46  in  1977  by  the  National  Bureau  of  Standards  (predecessor  of  NIST).  It 
was  also  approved  as  American  National  Standards  Institute  Standard  X3.92-1981  /R1987. 
It has 56-bit strength (using its other 8 bits for error detection). Triple DES (3-DES) was
then developed to attain the strength needed to meet current cryptanalysis capabilities.
DES is a symmetric type of cryptography, depending upon a single secret key. DES is
described in the FIPS 46-2.

DES fact sheet: http://csrc.ncsl.nist.gov/cryptval/des/des.txt

FIPS 46.2: http://www.cryptosoft.com/html/fips46-2.htm, December 30, 1993.
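
The 56-bit figure in this entry comes from the key layout: a DES key is stored as 8 bytes, and the low-order bit of each byte is an odd-parity check bit that the cipher discards. The Python sketch below is an added example, not part of the original encyclopedia; the function names, the sample keys, and the search rate used in the timing estimate are constructed for illustration.

```python
"""DES key layout: 64 bits stored, 56 bits of secret, 8 odd-parity check bits.

Added illustration; function names and sample values are constructed here.
"""


def has_odd_parity(byte):
    """True when the byte holds an odd number of 1 bits."""
    return bin(byte & 0xFF).count("1") % 2 == 1


def _require_des_key(key):
    if len(key) != 8:
        raise ValueError("a DES key is exactly 8 bytes (64 bits)")


def check_parity(key):
    """Return the indexes of key bytes that fail the odd-parity check."""
    _require_des_key(key)
    return [i for i, b in enumerate(key) if not has_odd_parity(b)]


def fix_parity(key):
    """Rewrite the low-order bit of every byte so each byte has odd parity."""
    _require_des_key(key)
    fixed = bytearray()
    for b in key:
        upper = b & 0xFE  # the 7 bits that carry key material
        fixed.append(upper if has_odd_parity(upper) else upper | 1)
    return bytes(fixed)


def effective_key(key):
    """Strip the parity bits and return the 56-bit value the cipher works with."""
    _require_des_key(key)
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value


def exhaustive_search_days(key_bits, keys_per_second):
    """Worst-case days needed to try every key of this size at the given rate."""
    return (2 ** key_bits) / keys_per_second / 86400


# Constructed sample: every byte of this key already has odd parity.
SAMPLE_KEY = bytes.fromhex("0123456789ABCDEF")
# The same key with the parity bit of byte 3 flipped (0x67 -> 0x66).
DAMAGED_KEY = bytes.fromhex("0123456689ABCDEF")

if __name__ == "__main__":
    print("bad parity bytes in sample :", check_parity(SAMPLE_KEY))
    print("bad parity bytes in damaged:", check_parity(DAMAGED_KEY))
    # The parity bit carries no secret: both keys select the same 56-bit value.
    print("same effective key         :",
          effective_key(SAMPLE_KEY) == effective_key(DAMAGED_KEY))
    # 1e9 keys per second is an assumed rate, used only to show the scale.
    print("days to exhaust 56 bits    :", round(exhaustive_search_days(56, 1e9)))
```

A parity failure signals a corrupted or mistyped key before it is used; it adds nothing to the secrecy of the key, which is why the strength is counted as 56 bits.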

Nothing  in  progression  can  rest  on  its  original  plan.  We  may  as  well  think  of  rocking  a 
grown  man  in  the  cradle  of  an  infant.  (Edmund  Burke,  1727-1797,  Letter  to  the  Sheriffs  of 
Bristol, 1777, from The Oxford Dictionary of Quotations, Oxford University Press, New York,
1980, p. 110, No. 13.)

Data Exploration

According  to  Bill  Inmon  (the  father  of  the  data  warehouse),  this  is  the  process  of 
analyzing  data  for  relationships  that  have  not  been  previously  discovered.  For  example, 
the  sales  records  for  a  particular  brand  of  tennis  racket  might,  if  sufficiently  analyzed  and 
related  to  other  market  data,  reveal  a  seasonal  correlation  with  the  purchase  by  the  same 
parties  of  golf  equipment.  The  classic  story  is  the  correlation,  found  by  convenience  stores, 
between beer and diapers. After noting this nonintuitive relationship, stores increased
sales by co-locating these two items. Thus, data exploration (similar to exploratory
development in research and development) can result in practical gains to the
organization. Artificial intelligence is used in data exploration, especially neural networks
and genetic algorithms.

No human being should learn from another. Each individual should develop his own
powers  to  the  uttermost,  not  to  imitate  those  of  someone  else.  (Hercule  Poirot  [Agatha 
Christie],  Lord  Edgware  Dies,  Dodd,  Mead,  New  York,  1970,  p.  129.) 

Data,  Information,  and  Knowledge  (DINK) 

Can also be referred to as KID (knowledge, information, and data), which places more
emphasis upon higher levels of abstraction, which facilitate understanding and enable
action.

Great  people  talk  about  ideas.  Average  people  talk  about  things.  Small  people  talk 
about people. (Dave Marinaccio, All I Really Need to Know I Learned from Watching Star Trek,
Crown Publishing, New York, 1994, p. 61.)

Data  Management  (DM) 

The  management  of  data  to  ensure  it  is  accurate,  accessible,  nonredundant,  consistent, 
flexible,  and  secure.  The  Department  of  the  Navy  (DON)  chartered  a  1-year  data 
management  and  interoperability  (DMI)  integrated  product  team  (IPT)  to  investigate 
these  arenas  and  recommend  improvements.  The  DMI  IPT  made  numerous 
recommendations  including  the  establishment  of  a  DMI  repository  (DMIR)  to  contain  all 
DON  metadata.  This  repository  would  provide  an  overview  of  the  department's  data, 
assist  in  standardizing  data,  and  facilitate  Section  8121  (or  8102)  DoD  chief  information 
officer  approvals.  "The  responsibility  for  definition,  organization,  supervision,  and 
protection  of  data  within  an  enterprise  or  organization"  (DoD  8320.1,  DoD  Data 
Administration).  DM  includes  identification,  modeling,  standardization,  central  planning, 
and  implementation  of  data.  Government  Performance  and  Results  Act  and  the 
Information  Technology  Management  Reform  Act  require  the  chief  information  officer  to 
perform  DM.  DM  can  improve  accuracy,  efficiency,  and  availability  of  data.  It  also 
facilitates  decision-making,  data  sharing,  interoperability,  and  understanding.  It  can 
reduce  redundancy,  duplication,  storage  requirements,  and  translators.  It  simplifies 
interfaces  between  systems  (IRMC  Data  Management  Strategies  and  Technologies 
Course). Strategies and Technologies: http://members.aol.com/lpangl0473/dms.htm
(IRMC Critical Information Systems Technologies Course).

Look after the molehills and the mountains will look after themselves. (Lawrence J.
Peter and Raymond Hull, The Peter Principle, New York, 1970.)

Data  Mart 

Functional  and  separated  subsets  of  a  data  warehouse.  Inmon  is  considered  the  father 
of  the  data  warehouse.  Various  subgroups  in  an  organization  supported  by  a  data 
warehouse may create their own data marts which include relevant subsets of the data
warehouse's contents in order to perform their own data analysis with tailored data
mining  or  exploration  tools.  Multidimensional  data  marts  are  used  for  slicing  and  dicing 
numerical  data,  are  sparsely  populated,  and  rigidly  structured.  Relational  online 
analytical  processing  data  marts  (ROLAPs)  are  more  general  purpose,  include  numerical 
and  textual  data,  are  used  for  general  purpose  decision  support  system  analysis,  have 
numerous  indices,  support  star  schemas,  and  can  contain  both  detailed  and  summarized 
data.  A  load  program  periodically  loads  the  data  mart  from  the  data  warehouse  (IRMC 
Data  Management  Strategies  and  Technologies  Course). 


a.  From  Bill  Inmon,  op.  cit. 

What a word processor does to words is like what a food processor does to food. (Bob
Buckley, ITC, New Orleans @ DMI IPT, September 20, 2000.)

Data  Mining 

Extracting  meaningful  information  from  masses  of  data  (especially  from  a  data 
warehouse)  usually  employing  algorithms  to  correlate  among  many  variables  faster  than 
humanly possible. Some people (though not Bill Inmon) include data exploration in data
mining. For Inmon, data mining is limited to gathering data around a priori starting
points or precepts/assumptions. It is very useful in testing theories, for instance, or
proving a point, as opposed to data exploration. There is a qualitative difference between
them. As in the physical world, miners generally know for what they are mining; they
only need to find where it is. Explorers don't really know what they will find.

Data mining uses statistical algorithms to analyze data (often in a data warehouse or
data mart). Such techniques include: predictive modeling (neural networks, inductive
reasoning), link analysis (connecting different data records), deviation detection (record
locations in segments, some are not allowed), and database segmentation (statistical
clustering) (IRMC New World of the CIO Course). Data mining models include:
classification (characteristics of a group), regression (using existing values to forecast),
time series forecast (regression including time properties), association (items occurring
together), sequence discovery (association of time-linked events), clustering (data groups).
Algorithms include: traditional statistics, decision trees (e.g., classification and regression
trees [CART] and chi square automatic interaction detection [CHAID]), neural networks
(http://www.calsci.com/Applications.html), nearest neighbor method (or k-nearest
neighbor technique), or rule induction. Some data mining tools are visual and even
three-dimensional or virtual reality. They may require powerful platforms to operate. Data
mining  is  presently  used  for  credit  scoring,  fraud  detection,  churn  analysis,  marketing 
and  sales,  law  enforcement  (drug  interdiction,  financial  crimes,  money  laundering),  space 
applications  (classification  of  sky  objects  and  analysis  of  space  probe  images),  and  health 
care  (utilization  forecasts,  risk  identification,  and  benchmarking).  Various  models  for 
implementation  exist,  such  as  assess,  access,  analyze,  act,  and  automate  (SPSS  Inc.)  and 
define,  preprocess,  select,  discover,  interpret,  integrate  (IRMC  Data  Management 
Strategies  and  Technologies  Course). 

When  you  have  eliminated  the  impossible,  whatever  remains,  however  improbable, 
must  be  the  truth.  (Sherlock  Holmes  [Arthur  Conan  Doyle].) 

data model

The way data is conceptually structured (relational, object-oriented, hierarchical, etc.)
(IRMC Data Management Strategies and Technologies Course).

When  we  are  flat  on  our  backs  there  is  no  way  to  look  but  up.  (Roger  W.  Babson, 
quoted by Jacob Braude in New Treasury of Stories for Every Speaking and Writing Occasion,
Prentice Hall, Inc., Englewood Cliffs, NJ, June 1961, p. 100.)


data  repository 

A  specialized  database  that  makes  data  available  to  users  across  an  enterprise  to 
promote  reuse  and  reduce  redundancy.  Specific  examples  would  include  the  Year  2000 
database  and  the  Navy's  new  Data  Management  and  Interoperability  Repository  (DMIR). 
Repositories  are  frequently  virtual,  with  links  to  separate  portions  of  the  repository. 

Small  deeds  done  are  better  than  great  deeds  planned.  (Peter  Marshall,  quoted  by  Jacob 
Braude  in  New  Treasury  of  Stories  for  Every  Speaking  and  Writing  Occasion  Prentice  Hall,  Inc., 
Englewood  Cliffs,  NJ,  June  1961,  p.  14.) 


Data Warehouse

A technological tool for storing, retrieving, and analyzing large amounts of data via
data mining and exploration. A data warehouse is a special case of a database. It is
updated  regularly  but  not  dynamically.  Thus  it  represents  a  time  slice  of  data.  It  is 
arranged  so  as  to  facilitate  its  use  by  a  specific  user  set.  It  is  often  sub-replicated  (specific 
domains  extricated  from  it)  to  create  data  marts.  Data  marts  are  used  by  specific  types  of 
users;  they  enable  faster  data  mining  operations  than  could  be  achieved  by  the  data 
warehouse  itself  and  can  be  used  in  any  manner  desired  by  the  domain  users  without 
affecting  other  users  of  the  warehouse.  Data  warehouses  are  designed  differently  (star  or 
snowflake  versus  relational  or  object  oriented)  from  databases  in  order  to  optimize 
queries  and  decision  support  versus  real-time  transactions. 

The EPA (http://www.epa.gov), Bureau of Labor Statistics, IRS, and Postal Service
use data warehouses (IRMC New World of the CIO Course), and maintain their
enviromap warehouse at http://www.epa.gov/enviro/index_java.html. Also see the
Data Warehousing Institute's "Ten Mistakes to Avoid" at
http://www.dw-institute.com/research/display.asp?id=5000, and especially Bill Inmon's
("the father of the data warehouse") articles at http://www.billinmon.com/. (IRMC Data
Management Strategies and Technologies Course.)

See Data Warehousing at the Crossroads (William H. Inmon, Kiva Productions, 1999).
http://www.gmisystems.com/warehous/newslist.htm
http://sates.comm.virginia.edu/dwresearch/links.html

What  do  they  know  of  England  who  only  England  know?  (George  MacDonald,  Lilith, 
from Phantasies and Lilith, Eerdman's Publishing, Grand Rapids, MI, 1964, p. 9.)

Decision  Support  Systems  (DSS) 

Information  databases  or  other  software  that  help  users  make  quicker,  better 
decisions.  The  primary  objectives  of  decision  support  systems  are  to  provide  users  with 
tools  to  make  informed,  independent  decisions,  preventing  the  delays  previously  caused 
by routing questions up a defined organizational hierarchy. Thus, DSSs support
employee empowerment. IRMC has an interactive groupware DSS available for student
use and used in certain courses. This Electronic Meeting System (EMS) provides
anonymity, parallel communications, distributed participation (versus domination), fast
data organization and tabulation, session recording/recall, and time for participant
reflection. It would support integrated product and process development (IPPD) (e.g.,
integrated product teams), business process reengineering, prioritization and evaluation,
etc. The Army National Guard used it to prioritize projects and funding. The Defense
Information Systems Agency's Chief Information Office staff used it to create the
integrated  definition  for  information  model.  National  Defense  University  commandants 
and  joint  staff  used  it  to  select  the  dean  of  the  IRMC.  Many  government  organizations  use 
DSSs,  including:  ACOM  (now  JFCOM),  North  Atlantic  Treaty  Organization,  Defense 
Logistics  Agency,  Defense  Information  Systems  Agency,  National  Defense  University, 
U.S. Marine Corps HQ, Navy BUPERS, Patuxent River Public Works, Naval War College,
Air  Force  Institute  of  Technology  (AFIT),  Langley  Air  Force  Base,  Federal  Aviation 
Administration,  Internal  Revenue  Service,  U.S.  Postal  Service,  National  Security  Agency, 
Department of Education. (IRMC Advanced Software Acquisition Management Course).

Rough Comparison of a Few Group DSS Products

Product                   Vendor                      Cost                  Capability
GroupSystem               Ventana                     ~$1K per workstation  Brainstorm, list building and evaluation,
(http://www.ventana.com)                                                    group drawing, outlining, voting, survey
Meeting Room              Eden Systems                $895 per 10 pack      Basic tools, brainstorm, organize, vote
TeamEC (Ahp.net/www/ahp)  Expert Choice               ~$9k                  Brainstorm, hierarchies, evaluation
CM/I                      Corporate Memory Systems    $795 per 10 pack      Thinking diagrams
TCBWorks                  Terry College of Business,  ?                     Basic idea collection and evaluation
                          University of Georgia

http://www.cs.adfa.oz.au/teaching/studinfo/da2/lectures/L21html/sld001.htm

a. Data as of 1999 (IRMC Advanced Software Acquisition Management Course).


Meetings can also be held in virtual reality space (http://www.worlds.net and
http://www.onlive.com) or on video (e.g., http://www.picturetel.com or
http://www.cinecom.com). See Coleman and Khanna's Groupware: Technology and
Applications (Prentice Hall, Inc., NJ, 1995); Glenn Rifkin's "A Skeptic's Guide to
Groupware" (Forbes ASAP, 1995, June); Bill Roberts' "Groupware Strategies" (BYTE
Magazine,  July  1996,  pp.  68-78);  and  Amy  Cortese's  "Here  Comes  the  Intranet"  (Business 
Week,  1996,  February  26,  pp.  76-84)  (IRMC  Advanced  Software  Acquisition  Management 
Course).  See  "In  Praise  of  Hierarchy"  by  Elliott  Jaques  (Harvard  Business  Review,  1990, 
January-February,  90107). 

We  decide,  as  if  we  knew.  We  only  know  what  we  know,  but  there  is  plenty  more  of 
which we might know if only we could give up insisting upon what we do know. (C. G.
Jung, Letters, Vol. 2, Bollingen Series 95, 1951-61, Gerhard Adler and Aniela Jaffe, Eds.,
Princeton University Press, Princeton, NJ, 1953-75, p. 591.)

Decision Superiority— see Joint Vision 2020 http://www.dtic.mil/jv2020

The  ability  to  take  advantage  of  superior  information,  convert  it  to  superior 
knowledge  and  make  better  decisions  that  are  arrived  at  and  implemented  faster  than  an 
opponent  can  react,  or  in  a  noncombat  environment,  at  a  tempo  that  allows  the 
commander to shape the situation, react to change, and accomplish his mission (Glossary
of IM/IT & KM Terms). Decision superiority can result from superior knowledge or
superior  ability  to  make  decisions.  Thus,  superior  knowledge  can  enable  but  not  ensure 
decision  superiority.  See  Joint  Vision  2020  (JV  2020)  for  more  information  on  decision 
superiority.  While  decision  superiority  is  one  possible  result  of  superior  knowledge  (KM), 
it  is  not  the  only  advantage  thereof.  Superior  knowledge  also  enables  other  objectives  in 
JV 2020 such as focused logistics.

In a talk to the graduating class at Smith College, Adlai Stevenson once told his listeners
that the "self-adjusted" people who fit painlessly into the social pattern may not be the most
valuable citizens. "While I am not in favor of maladjustment," he added, "I view this
cultivation of neutrality, this breeding of mental neuters, this hostility to eccentricity with
grave misgiving. One looks back with dismay at the possibility of Shakespeare perfectly
adjusted to bourgeois life in Stratford, Wesley contentedly administering a county parish,
George Washington going to London to receive a barony from George III, or Abraham
Lincoln prospering in Springfield with nary a concern for the preservation of the crumbling
union. What is needed," continued Mr. Stevenson, "is not just well-adjusted, well-balanced
personalities, not just better groupies and conformers but more idiosyncratic, unpredictable
characters; people who take open eyes and open minds out with them into the society
which they will share and help to transform." (Quoted by Jacob Braude in New Treasury of
Stories for Every Speaking and Writing Occasion, Prentice Hall, Inc., Englewood Cliffs, NJ, June
1961, p. 281.)

Decision  Theory— see  Asymmetric  Dominance  and  Utility  Theory 

The  study  of  how  to  make  logical  decisions.  It  is  often  studied  under  operations 
research,  program/systems  management,  or  financial  management  when  addressing 
investments.  There  are  more  than  100  decision  theory  techniques  and  approaches,  having 
varying  accuracy  and  difficulty.  Decision  theory  is  included  in  the  Defense  Acquisition 
Workforce  Improvement  Act  program  management  track  (PMT302,  Advanced  Program 
Management Course). (See Brassard and Ritter, The Memory Jogger II, A Pocket Guide of
Tools for Continuous Improvement and Effective Planning, GOAL/QPC, 1994.) The scientific
method is a form of decision theory. Many methods are numerical and use money as the
criterion of comparison. The baseline technique of this kind is the La Place method (by the
famous mathematician). However, individual decisions (e.g., playing the stock market)
are determined by participants emphasizing differing risk-taking strategies; the mini-max
and maxi-min extensions of La Place were developed to address such differences. They
either minimize the risk or maximize the gain. Additionally, utility theory addresses
situations in which a dollar isn't a dollar— where various circumstances affect the values
of  the  outcomes.  Thus  outcome  utility  to  the  decider  becomes  the  criterion,  versus 
monetary  measures.  Other  decision  theory  techniques  (e.g.,  the  nominal  group  technique) 
are  more  ordinal  in  nature — based  upon  relative  value  or  importance  of  possible 
alternatives  rather  than  absolute  (e.g.,  dollar)  measures.  The  Delphi  technique  is  another 
well-known  decision  method.  The  meta-decision  of  what  decision  method  to  use  depends 
upon  the  accuracy  and  timeliness  needed,  the  data  or  information  available,  and  the 
propensities  and  idiosyncrasies  of  the  decision  group. 
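
The numerical criteria named in this entry can give different answers on the same data. The Python sketch below is an added example, not part of the original encyclopedia: the payoff table, state names, and utility function are constructed, and "mini-max" is implemented as minimax regret, which is an assumption since the entry does not say which form it means.

```python
"""Decision under uncertainty: Laplace, maximin and minimax regret on one table.

Added illustration. The payoffs, state names and utility curve are constructed;
treating "mini-max" as minimax regret is an assumption.
"""
import math

STATES = ("boom", "flat", "bust")
PAYOFFS = {  # constructed payoffs in $K for each alternative under each state
    "stocks": (210, 30, -100),
    "balanced": (110, 40, -20),
    "bonds": (30, 25, 10),
}


def _validate(payoffs):
    widths = {len(row) for row in payoffs.values()}
    if not payoffs or len(widths) != 1 or 0 in widths:
        raise ValueError("every alternative needs one payoff per state")


def laplace(payoffs, utility=lambda x: x):
    """Treat every state as equally likely; pick the best average (utility of) payoff."""
    _validate(payoffs)

    def average(name):
        row = payoffs[name]
        return sum(utility(p) for p in row) / len(row)

    return max(payoffs, key=average)


def maximin(payoffs):
    """Pessimist's rule: pick the alternative whose worst outcome is least bad."""
    _validate(payoffs)
    return max(payoffs, key=lambda name: min(payoffs[name]))


def regret_table(payoffs):
    """Regret = best payoff available in that state minus the payoff received."""
    _validate(payoffs)
    best = [max(column) for column in zip(*payoffs.values())]
    return {name: tuple(b - p for b, p in zip(best, row))
            for name, row in payoffs.items()}


def minimax_regret(payoffs):
    """Pick the alternative whose largest regret is smallest."""
    regrets = regret_table(payoffs)
    return min(regrets, key=lambda name: max(regrets[name]))


def risk_averse(x, tolerance=100.0):
    """Exponential utility (assumed shape): a loss hurts more than an equal gain helps."""
    return 1.0 - math.exp(-x / tolerance)


if __name__ == "__main__":
    print("Laplace (dollars)      :", laplace(PAYOFFS))
    print("Maximin                :", maximin(PAYOFFS))
    print("Minimax regret         :", minimax_regret(PAYOFFS))
    # Utility theory: the same averaging rule, applied to utility instead of dollars.
    print("Laplace (risk-averse u):", laplace(PAYOFFS, risk_averse))
```

On this table the dollar-based Laplace rule picks stocks, maximin picks bonds, and minimax regret picks balanced; replacing dollars with the risk-averse utility moves the Laplace choice from stocks to balanced.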

Science, after all, means the willingness to observe facts and follow them to whatever
conclusions  they  will  lead,  not  to  try  to  push  the  facts  into  a  desired  pattern.  (Menahem 
Mendel  Schneersohn  [seventh  Lubavitcher  Rebbe],  quoted  by  Herbert  Weiner  in  9  1/2 
Mystics,  Collier  Books  (McMillan),  New  York,  1971,  p.  192.) 

Decision  contains  the  uncertainty  of  the  wisdom  of  the  choice,  and  calls  for  the  capacity 
to  tolerate  uncertainty  while  awaiting  the  final  outcome,  and  possible  failure.  This 
uncertainty,  however,  it  must  be  noted,  has  a  special  quality.  The  use  of  discretion  depends 
upon  unconscious  as  well  as  conscious  mental  functioning— the  capacity  for  synthesis  of 
unconscious ideas and intuitions and bringing them into consciousness. (Elliott Jaques,
Creativity and Work, International Universities Press Inc., Madison, CT, 1990, pp. 331-332.)

Decryption — see Encryption

The  process  of  extracting  text  that  has  been  encrypted;  changing  ciphertext  into 
cleartext  or  plaintext.  In  symmetric  encryption,  the  single  key  that  encrypted  the  text  must 
be used to decrypt or unencrypt the text. In asymmetric encryption, a person's private
key is required to decrypt text encrypted with that person's public key. Similarly, a
person's public key is required to decrypt text encrypted with that person's private key.
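
The three key relationships in this entry can be checked directly. The Python sketch below is an added example, not part of the original encyclopedia: it uses a toy XOR keystream for the symmetric case and textbook RSA with a tiny modulus for the asymmetric case. Both are stand-ins chosen for readability, neither is secure, and all keys and messages are constructed.

```python
"""Which key undoes which: symmetric vs. asymmetric decryption with toy ciphers.

Added illustration. The XOR keystream and the tiny textbook-RSA key pair are
constructed teaching stand-ins and must not be used to protect real data.
"""
import hashlib


def xor_stream(key, data):
    """Toy symmetric cipher: XOR with a keystream derived from the single shared key.

    The same call with the same key both encrypts and decrypts.
    """
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


# Textbook RSA key pair built from two small primes (constructed values).
P, Q = 61, 53
N = P * Q                          # public modulus, 3233
E = 17                             # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, the inverse of E mod 3120

PUBLIC = (E, N)
PRIVATE = (D, N)


def rsa_apply(key, blocks):
    """Raise each block to the key's exponent mod N; used for both directions."""
    exponent, modulus = key
    if any(not 0 <= b < modulus for b in blocks):
        raise ValueError("each block must be smaller than the modulus")
    return [pow(b, exponent, modulus) for b in blocks]


if __name__ == "__main__":
    text = b"quarterly report"
    sealed = xor_stream(b"shared key", text)
    print("symmetric, same key :", xor_stream(b"shared key", sealed) == text)
    print("symmetric, other key:", xor_stream(b"other key", sealed) == text)

    msg = list(b"KM")
    to_owner = rsa_apply(PUBLIC, msg)       # anyone can encrypt to the key owner
    print("public then private :", rsa_apply(PRIVATE, to_owner) == msg)
    from_owner = rsa_apply(PRIVATE, msg)    # only the key owner can produce this
    print("private then public :", rsa_apply(PUBLIC, from_owner) == msg)
    # The key that encrypted cannot undo its own work.
    print("public then public  :", rsa_apply(PUBLIC, to_owner) == msg)
```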

Ninety  percent  of  the  game  is  half  mental.  (Yogi  Berra,  The  Yogi  Book,  Workman 
Publications,  New  York,  1998,  p.  69.) 

Defense  Acquisition  Executive  (DAE) — see  Acquisition 

The  Under  Secretary  of  Defense  for  Acquisition,  Technology,  and  Logistics  (USD 
[ATL]) — formerly  Acquisition  and  Technology,  A&T — is  the  DAE.  The  DAE  is  the  top 
executive  for  defense  acquisition  and  the  Milestone  Decision  Authority  (MDA)  for  the 
largest acquisition programs (ACAT [acquisition category] ID). The DAE publishes the
acquisition "bible" - the DoD 5000 series of documents (DoDD 5000.1, Defense
Acquisition, March 15, 1996; DoD 5000.2-R, Mandatory Procedures for Major Defense
Acquisition Programs (MDAPs) and Major Automated Information Systems (MAIS) Acquisition
Programs, March 15, 1996), now revised (http://www.safaq.hq.af.mil /acg polZ
HndSnOO/final). Formerly, automated data processing or automated information system
programs were governed by the Department of Defense (DoD) 8000 series, but these were
combined into DoD 5000. However, the Assistant Secretary of Defense for Command,
Control, Communications, and Intelligence (ASD [C3I]) remained MDA for these
acquisitions.  The  Assistant  Secretary  of  Defense  for  Command,  Control,  Communications, 
and  Intelligence  also  became  the  DoD  CIO. 

Without  strong,  aggressive,  committed,  and  knowledgeable  leadership,  there  will  be  no 
one  to  persuade  the  barons  running  functional  silos  within  the  company  to  subordinate  the 
interests of their functional areas to those of the processes that cross their boundaries.
(Michael Hammer and James Champy, Reengineering the Corporation, Harper Business, New
York, 1993, p. 107.)

Defense Acquisition Workforce Improvement Act (DAWIA)

This  statute  established  numerous  competencies  with  the  defense  acquisition  process. 
These  include:  program  management  (PM),  financial  management  (FIN),  contracting 
(CON),  systems  engineering  (SYS),  communications  and  computers  (IRM),  etc.  Within 
each  competency  there  are  three  levels  of  achievement  (level  1  is  entry  level,  level  2  is 
journeyman,  level  3  is  advanced).  There  are  varying  requirements  (education,  training, 
and  experience)  required  to  attain  these  levels  within  the  competencies.  Government 
workers  may  be  designated  members  of  the  acquisition  professional  corps  (APC)  and 
required  to  attain  specified  levels  of  competency  dependent  upon  their  job  requirements. 
Specific  job  billets  are  also  designated  as  critical  or  noncritical  billets.  Certificates  are 
issued  for  APC  membership  and  for  each  competency  level  achieved.  DAWIA  training 
courses  are  given  primarily  by  the  Defense  Acquisition  University  headquartered  at  Ft. 
Belvoir,  VA.  However,  a  few  courses  can  also  be  taken  at  the  National  Defense 
University's (NDU's) Information Resources Management College (IRMC), e.g.,
Advanced Information System Acquisition Course, the IRM Capstone Course (level 3).

conqueror only to those who have lost the art of receiving it as a
friend. (George MacDonald, Lilith from Phantastes and Lilith, Eerdmans Publishing, Grand
Rapids, MI, 1964, p. 59.)


DAU Web site: http://www.dau.mil/

DAU publications: http://www.dau.mil/pubs/pubsgen.htm (Program Manager and
Acquisition Review Quarterly)

DAWIA courses and requirements: http://www.register-now.cms.navy.mil/
navstar/ns secure/nshome.htm; http://www.register-now.cms.navy.mil/
navstar/default.htm (This is the new site.)

DAWIA Waivers: http://www.safaq.hq.af.mil/acq workf/waivor. hfmi

Director Acquisition Career Management site: http://dacm.secnav.navy.mil/

Defense  Acquisition  Workforce  Personnel  Demonstration  Project  (DAWPDP) 

Special legislation (in the Fiscal Year 1996 Defense Authorization Act) gave
Department of Defense (DoD) the opportunity to investigate innovative ways to manage
and pay selected individuals and find better ways to manage the workforce. It was
continued and revised in the Fiscal Year 1998 Defense Authorization Act. A
[...] created, targeting the acquisition workforce (about 25 percent
of all DoD civilians) in July 1998 for 14,500 employees (out of the 95,000 authorized by
Congress). These employees were converted from GS grades to three different career
paths and paid in broader pay bands (3 or 4 pay bands versus 15 GS levels, depending on
the career path). The paths are: business and technical management professionals (BTMP),
technical management support (TMS), and administrative support (AS).


Band/Grade:  GS 1-4  GS 5-7  GS 8  GS 9-10  GS 11  GS 12-13  GS 14-15
BTMP         I       II      II    II       II     III       IV
TMS          I       II      II    III      III    IV
AS           I       II      III   III      —      —         —

[...] performance. Employees within a band can proceed within the band,
attaining the equivalent to a promotion without being officially promoted. However,
persons leaving the project for GS positions are awarded a GS equivalent grade based
[...]. Annually, employees are rated by overall contribution score
(OCS) of 0 to 100 points. Employees with high OCSs receive raises and bonuses.
[...] employees' scores to other supervisors (IRMC New World
of the CIO Course).


It is by logic we prove, but by intuition that we discover. To know how to criticize is
good, but to know how to create is better. (Henri Poincare, Leo Rosten's Carnival of Wit, E. P.
Dutton & Co., New York, 1994, p. 251.)

Defense in Depth (DiD)

DiD  is  a  military  strategy  to  employ  several  simultaneous  layers  of  defense  so  that  an 
attacker  must  successfully  compromise  each  and  every  layer  in  order  to  compromise  the 
system being protected. The concept is applied to military operations in general (see JV
2020) and computer security (in the IT arena) in particular. Usually, each layer uses
different  technologies,  vendors,  and  procedures  to  strengthen  overall  system  security. 
Typical  defenses  include:  firewalls,  intrusion  detection  devices  (IDSs),  virus  checkers,  and 
virtual  private  networks  (VPNs). 

To  be  prepared  for  war  is  one  of  the  most  effectual  means  of  preserving  peace.  (George 
Washington,  in  3,500  Good  Quotes  for  Speakers,  Gerald  F.  Lieberman,  Ed.,  Doubleday,  Garden 
City,  NY,  1983,  p.  174.) 

Defense Information Infrastructure (DII)

DII refers to the entire collection of communications networks, computers, software,
database, applications, and related information processing capabilities of the Department
of Defense (DoD). It is considered a subset of the federal information infrastructure (FII)
that is part of the national information infrastructure (NII) that is part of the global
information infrastructure (GII). See global information grid (GIG). It implies, but does
not control or guarantee, interoperability. The best-known infrastructure is, of course, the
Internet or Web. The DII is considered to consist of: people, processes, and tools (PPT).

DII is often associated with the common operating environment that actually implements
standardization into IT development. The DoN has taken the initiative to implement a
department-wide (covering two Services) standard intranet, including all infrastructure
components via a seat management strategy/contract, Navy/Marine Corps Intranet.

See DII Master Plan, version 7.0, 3/13/98, http://www.disa.mil/diimp/diimp-t.html
(IRMC Assuring the Information Infrastructure Course). Other definitions/characteristics
include: first, the network standards and protocols that facilitate interconnection and
interpretation among networks and systems and that provide security for the information
carried and second, the people and assets which provide the integration, design,
management, and operation of the DII, develop the applications and services, construct
the facilities, and train others in the DII capabilities and use (IRMC Advanced Software
Acquisition Management Course).

barriers  operate  against  the  generation  and  sharing  of  the  explicit  as  well  as  the  tacit 
dimensions  of  knowledge.  Some  barriers,  however,  specifically  inhibit  the  growth  and 
transfer  of  tacit  dimensions.  First,  working  groups  often  exhibit  a  strong  preference  for  a 
particular  type  of  communication — most  often  (at  least  in  most  business  situations) 
communication  that  is  logical,  rational,  and  based  on  "hard"  data.  As  numerous  studies  of 
thinking  styles  have  shown,  individuals  have  strong  thinking  style  preferences-for 
particular  types  of  information-"hard-wired"  into  their  brains  and  reinforced  over  years  of 
practices and self-selection into certain careers. Even if an individual could make some of
the  tacit  dimensions  of  his  or  her  knowledge  explicit  in  the  form  of  a  physical  demonstration 
or  a  drawing,  such  information  would  rarely  be  given  a  hearing  because  such  evidence  is 
not  regarded  in  most  business  settings  as  relevant  or  useful  unless  backed  up  with  analysis. 

(See Dorothy Leonard and Sylvia Sensiper, "The Role of Tacit Knowledge in Group
Innovation," California Management Review, Berkeley, CA, Spring 1998, Vol. 40, Issue 3, pp.
112-132.)

Defense Information Systems Agency (DISA), chartered by DoDD 5105.19 (June 25,

DISA is a Department of Defense (DoD) component responsible for planning,
developing, and supporting command, control, communications and intelligence (C3I). It
is under the direction, authority, guidance, and control of the Assistant Secretary of
Defense (ASD) for C3I (the DoD CIO). DISA serves as the central manager for major
portions of the defense information infrastructure including the defense information
systems network (DISN). DISA provides the valuable (and fun) CyberProtect CD.
http://www.disa.mil/


When  you  come  to  a  fork  in  the  road,  take  it.  (Yogi  Berra,  The  Yogi  Book,  Workman 
Publications,  New  York,  1998,  p.  48.) 

Technology Security Certification and Accreditation Process (DITSCAP)

In response to the Assistant Secretary of Defense (Command, Control,
Communications, and Intelligence) memo of August 19, 1992, to develop a standardized
certification and accreditation (C&A) process (IRMC Developing Enterprise Security
Strategies, Guidelines, and Policies Course), DoDD 5200.40 (December 30, 1997)
established a standard, life-cycle process (DITSCAP) to verify, validate, implement, and
maintain the security of the DII. It focuses on confidentiality, integrity, availability,
nonrepudiation, and authentication (CIANA) and acceptable risk level or value (IRMC
Information Infrastructure Course). There is also a non-DoD version,
NSTISSI 1000 (April 2000), called NIACAP. DITSCAP is infrastructure-centric, describes
generic process activities and tasks, and provides a process for uniform C&A, including
four levels of certification analysis. It reduces documentation requirements significantly,
requiring a system security authorization agreement (SSAA) versus a large number of
documents previously required by the Defense Information Systems Agency. It is a
success-oriented C&A process with four phases: definition (mission
architecture/environment, security requirements, SSAA), verification (security features
implemented documentation), validation (of integrated system), and post-accreditation
(monitor compliance and change management). The process takes typically 18 months
and costs $3,000 to $400,000. (See DITSCAP Application Manual 8510.1-M, July 2000.) The
Designated Approval Authority (DAA) accredits the system under DITSCAP (IRMC
Developing Enterprise Security Strategies, Guidelines, and Policies Course).
DITSCAP Phases and Tasks, per the Defense Information Systems Agency (a)

Phase #   Phase 1           Phase 2                Phase 3              Phase 4

Phase     Definition        Verification           Validation           Post accreditation

Purpose   Gather IT         Verify system          Validates the fully  After accreditation,
          information to    compliance with        integrated system    and until system
          plan the C&A      SSAA requirements      compliance with      removed from
          tasks             to obtain a fully      SSAA requirements    service or changed
                            integrated system      to obtain full       or a periodic
                            for certification      approval to operate  compliance
                            testing and            the system           validation is
                            accreditation                               required

Task 1    Prepare mission   System architecture    Security Test and    SSAA maintenance
          description and   analysis               Evaluation (T&E)
          system
          identification

Task 2    Register the      Software design        Penetration testing  Physical, personnel,
          system            analysis                                    and management
                                                                        control review

Task 3    Prepare the       Network                Verify TEMPEST       Contingency plan
          environment and   connection rule        compliance if
          threat            compliance analysis    applicable
          description

Task 4    Prepare the       Integrity analysis of  Verify appropriate   Verify TEMPEST
          system            integrated products    use of COMSEC if     compliance if
          architecture      (COTS, GOTS, NDI)      applicable           applicable
          description

Task 5    Determine the     Life-cycle             System management    Verify appropriate
          ITSEC system      management             analysis             use of COMSEC
          class             analysis                                    material and
                                                                        equipment if
                                                                        applicable

Task 6    Determine the     Vulnerability          Site accreditation   Change
          system security   assessment             survey               management
          requirements

Task 7    Identify the C&A  None                   Contingency plan     Conduct risk
          organizations                            evaluation           management
          and resources                                                 analysis
          required

Task 8    None              None                   Risk management      None
                                                   review

a.  IRMC  Developing  Enterprise  Security  Strategies,  Guidelines,  and  Policies  Course. 


You can't win through negotiations what you can't win on the battlefield. (Henry
Kissinger, Leo Rosten's Carnival of Wit, E. P. Dutton & Co., New York, 1994, p. 502.)

Defense Reform Initiative (DRI) of 1997 — see A-76

Secretary  of  Defense  William  Cohen  urged  the  use  of  acquisition  reform  initiatives  to 
ease  the  acquisition  process  (e.g.,  federal  supply  schedules).  The  DRI  also  required  the 
Department of Defense (DoD) to compile lists of commercial activities done in-house that
could  be  considered  for  outsourcing  under  Office  of  Management  and  Budget  Circular  A- 
76  by  1999  (IRMC  New  World  of  the  CIO  Course).  The  DRI  was  based  upon  a  Defense 
Science  Board  study  of  how  to  reform  DoD.  Initially  it  paralleled  the  study  closely,  but 
full  implementation  was  not  achieved.  Much  of  the  reorganization  of  the  department  was 
either  not  carried  out  or  not  completed.  Some  recommendations  required  legislative 
action  that  was  not  forthcoming.  For  example,  the  Defense  Science  Board  recommended 
that  Assistant  Secretary  of  Defense  for  Command,  Control,  Communications,  and 
Intelligence (ASD [C3I]) report to the Under Secretary of Defense (Acquisition and
Technology) in order to establish an acquisition chain of command and fully apply
acquisition lessons learned to IT. However, as the DoD CIO, ASD (C3I) was required by
law to report directly to the Secretary of Defense. Further, the dictated reduction in
Pentagon staffing was primarily achieved by paper transfers of personnel to DoD
components.

Gartner Group stated (February 27, 1997) that "70 percent of the government
organizations that consider outsourcing will be unable to close a deal because of
inadequate handling of human resource issues (.75 probability)." Total productive hours
are set at 1,776 hours/FTE (full time equivalent = average worker). Total personnel costs =
[total productive hours/1,776 (FTEs)] x [basic pay] x [fringe benefits (32.45 percent of
basic pay; where 23.7 percent = retirement; 7.05 percent = life/health insurance; 1.7
percent = miscellaneous benefits)]. The 1,776 hours is reached by deducting 221
hours/year for sick/annual leave, training, etc., from 1,997 hours. In-house costs =
personnel costs (above) + overhead/indirect costs (12 percent) + materials and supply
+ depreciation and cost of capital and rent + operation, maintenance, and repair +
utilities, travel, and insurance + MEO subcontract costs + other costs (IRMC Advanced
Software Acquisition Management Course).

Dealing  with  the  Bureaucracy  is  like  trying  to  pick  up  Mt.  Everest.  (Bob  Horrell 
SEA907d,  January  27, 1986.) 

Defense-Wide IA Program (DIAP) — see Critical Asset Assurance Program and Critical
Infrastructure  Protection  (CIP) 

Assists in identifying critical assets in the defense information infrastructure and C3I
sectors; determines required level of information assurance (IA) for critical information
assets in all defense information sectors; provides business case for IA investments,
especially shared risk remediation investments; provides engineering standards for IA
designs, practices, and countermeasures (The DoD CIP Plan [FOUO], November 18, 1998,
p. 23). See Defense Appropriations Act P.L. 106-65 (October 5, 1999, subtitle E—
Information Security, Section 1043, paragraph 2224, Defense Information Assurance
Program). DIAP focuses on two teams: Functional Evaluation and Integration Team
(FEIT) and Program Development and Integration Team (PDIT). Contacts include: COL
Smf 703-602-9988, Gene.Tyler@osd.mil, and Robert Gorrie, Robert.gorrie@osd.mil,
(703) 602-5042, Eustace King, eustace.king@osd.mil, 703-602-9969, George Bieber, 703-602-
george.bieber@osd.mil, systems administration and training; fax = 703-602-7209.

DIAP was based on a 1997 ASD (C3I) study and was signed by Deputy Secretary of
Defense Hamre on January 30, 1998. See DoDD 5200.28, March 21, 1988, Security
Requirements for Automated Information Systems (IRMC Assuring the Information
Infrastructure Course). DIAP FEIT addresses readiness assessment, human resources,
policy integration, security management, operational environment, architectural
standards and transformational strategies, acquisition support and product development,
research and technology, critical infrastructure integration. DIAP PDIT addresses
oversight, coordination, and integration of DoD's IA resource programs, IA initiatives,
information assurance vulnerability alerts, computer network defense working group, IA
training, public key infrastructure, etc.

DeMilitarized  Zone  (DMZ) 

In  IT,  a  DMZ  is  a  network  segment  between  the  external  firewall  (connecting  to  the 
Internet,  et  al.)  and  an  internal  firewall  connected  to  the  organization's  networks.  The 
DMZ  may  have  its  own  level  of  security  and  security  devices,  software,  etc.,  that  differ 
from  other  network  segments  (IRMC  Developing  Enterprise  Security  Strategies, 
Guidelines,  and  Policies  Course). 

15. (Shea's Law) The ability to improve a design occurs primarily at the interfaces. This
is also the prime location for screwing it up. (David Akin, professor, University of
Maryland, "Akin's Laws of Spacecraft Design" [received via Internet e-mail] and confirmed
by Dr. Akin dakin@umd.edu or DAKIN@SSL.UMD.EDU. See
http://spacecraft.ssl.umd.edu/academics/akins_laws.html.)

Denial  Of  Service  (DoS)  Attacks — cf.  Distributed  Denial  of  Service 

A  malicious  attack  against  an  information  system  to  prevent  that  system  from 
functioning.  There  are  several  techniques  and  different  kinds  of  perpetrators.  Attackers 
can  use  such  techniques  as  mail  bombs,  "syn  flooding,"  "ping  of  death,"  or  "teardrop" 
(IRMC  Managing  Networked  Security  in  a  Networked  Environment  Course). 

I was shipwrecked before I got aboard. (Seneca, 8 B.C.-65 A.D., 87,1, Epistles from
Familiar  Quotations  by  John  Bartlett,  Little,  Brown  &  Co.,  Boston,  1968,  p.  129.) 

Dense  Wavelength  Division  Multiplexing  (DWDM) 

A  technology  that  combines  data  from  different  sources  onto  an  optical  fiber  with  each 
signal  carried  on  its  own  separate  light  wavelength.  Using  DWDM,  up  to  80  (and 
theoretically  more)  separate  wavelengths  or  channels  of  data  can  be  multiplexed  into  a 
light  stream  transmitted  on  a  single  optical  fiber.  In  a  system  with  each  channel  carrying 
2.5  Gbps  (billion  bits  per  second),  up  to  200  Gbps  can  be  delivered  by  the  optical  fiber. 
DWDM is also sometimes called wave division multiplexing (from Glossary of IM/IT &
KM Terms).

He can see stars so distant their light travels for a hundred lifetimes before it kisses the
eyes of the man. (Orson Scott Card, Children of the Mind, Tom Doherty Books, New York,
1996, p. 173.)

Departments — see Components and Services

Major divisions within the federal executive branch of the U.S. government. Within
the Department of Defense, this refers to the three departments that include the three
Services: DOA (Army), DOAF (Air Force), DON (Marine Corps and Navy).

The  fragmented  process  found  in  traditional  companies  lead  to  narrowly  specialized 
jobs  and  organizations  based  on  functional  departments.  Integrated  processes  give  rise  to 
multidimensional  jobs  that  are  best  organized  into  process  teams.  (Michael  Hammer  and 
James  Champy,  Reengineering  the  Corporation,  Harper  Business,  New  York,  1993,  p.  81.) 

Derived  Importance 

A  method  used  to  identify  the  drivers  of  satisfaction.  Statistical  correlation  analyses 
are  used  to  calculate  derived  importance. 

An old man was living with his son at an abandoned fort on the top of a hill, and one
day he lost a horse. The neighbors came to express their sympathy for this misfortune, and
the old man asked, "How do you know this is bad luck?" A few days afterwards, his horse
returned with a number of wild horses, and his neighbors came again to congratulate him
on this stroke of fortune, and the old man replied, "How do you know this is good luck?"
With so many horses around, his son began to take to riding, and one day he broke his leg.
Again the neighbors came around to express their sympathy, and the old man replied,
"How do you know this is bad luck?" The next year there was a war, and because the old
man's son was crippled, he did not have to go to the front. (George Kao, Chinese Wit &
Humor, Coward-McCann, 1946, quoted by Jacob Braude in New Treasury of Stories for Every
Speaking and Writing Occasion, Prentice Hall, Inc., Englewood Cliffs, NJ, June 1961, p. 224.)

Digicash 

A  method  of  electronic  commerce  in  which  the  customer  deposits  funds  in  a  bank; 
decides  to  withdraw  digital  cash;  software  converts  that  request  into  randomly  numbered 
tokens;  the  bank  digitally  signs  the  tokens  with  its  private  key,  sends  these  to  the 
customer,  and  debits  customer's  account.  The  customer  chooses  a  merchant  and  the  item 
to  buy,  orders  it  using  a  digital  cash  option,  and  his  or  her  computer  sends  the 
approximate  number  of  tokens  to  the  merchant.  The  merchant  re-sends  the  tokens  to  the 
online  bank;  the  bank  validates  the  tokens  and  credits  the  merchant's  account  (IRMC 
Managing  Networked  Security  in  a  Networked  Environment  Course). 

Law of the supermarket: The other line moves faster. (3,500 Good Quotes for Speakers,
Gerald F. Lieberman, Ed., Doubleday, Garden City, NY, 1983, p. 235.)

Digital  Cash 

Funds  that  are  recorded  and  spent  electronically.  Smart  cards  can  be  used  to  record  or 
deposit  digital  cash,  which  can  be  spent  at  merchants  that  have  devices  designed  to  accept 
this  type  of  payment.  Secret  sharing  can  be  used  to  maintain  anonymity  in  digital  cash 
payments  while  precluding  double  spending,  and  bit  commitment  to  trace  cheaters.  Zero- 
knowledge  proofs  are  used  to  authenticate  digital  cash  cards  without  revealing  their  serial 
numbers  (IRMC  Managing  Networked  Security  in  a  Networked  Environment  Course). 

An  unemployed  man  goes  to  apply  for  a  job  with  Microsoft  Corp.  as  a  janitor.  The 
manager  there  arranges  for  him  to  take  an  aptitude  test  (Section:  Floors,  sweeping  and 
cleaning). After the test, the manager says, "You will be employed at minimum wage, $5.15
an  hour.  Let  me  have  your  e-mail  address,  so  that  I  can  send  you  a  form  to  complete  and  tell 
you  where  to  report  for  work  on  your  first  day."  Taken  aback,  the  man  protests  that  he  has 
neither a computer nor an e-mail address. To this the Microsoft Corp. manager replies,
"Well, then, that means that you virtually don't exist and can therefore hardly expect to be
employed." Stunned, the man leaves. Not knowing where to turn and having only $10 in
his wallet, he decides to buy a 25-pound flat of tomatoes at the supermarket. Within less
than  2  hours,  he  sells  all  the  tomatoes  individually  at  100  percent  profit.  Repeating  the 
process  several  times  more  that  day,  he  ends  up  with  almost  $100  before  going  to  sleep  that 
night.  And  thus  it  dawns  on  him  that  he  could  quite  easily  make  a  living  selling  tomatoes. 

Getting  up  early  every  day  and  going  to  bed  late,  he  multiplies  his  profits  quickly.  After  a 
short  time  he  acquires  a  cart  to  transport  several  dozen  boxes  of  tomatoes,  only  to  have  to 
trade  it  in  again  so  that  he  can  buy  a  pick-up  truck  to  support  his  expanding  business.  By 
the  end  of  the  second  year,  he  is  the  owner  of  a  fleet  of  pick-up  trucks  and  manages  a  staff 
of  a  hundred  formerly  unemployed  people,  all  selling  tomatoes.  Planning  for  the  future  of 
his  wife  and  children,  he  decides  to  buy  some  life  insurance.  Consulting  with  an  insurance 
adviser,  he  picks  an  insurance  plan  to  fit  his  new  circumstances.  At  the  end  of  the  telephone 
conversation,  the  adviser  asks  him  for  his  e-mail  address  in  order  to  send  the  final 
documents  electronically.  When  the  man  replies  that  he  has  no  e-mail,  the  adviser  is 
stunned,  "What,  you  don't  have  e-mail?  How  on  earth  have  you  managed  to  amass  such 
wealth  without  the  Internet,  e-mail  and  e-commerce?  Just  imagine  where  you  would  be 
now,  if  you  had  been  connected  to  the  Internet  from  the  very  start!"  After  a  moment  of 
thought,  the  tomato  millionaire  replied,  "Why,  of  course!  I  would  be  a  floor  cleaner  at 
Microsoft!"  Morals  of  this  story: 

1.  The  Internet,  e-mail  and  e-commerce  do  not  need  to  rule  your  life. 

2.  If  you  don't  have  e-mail,  but  work  hard,  you  can  still  become  a  millionaire. 

3.  Seeing  that  you  got  this  story  via  e-mail,  you're  probably  closer  to  becoming  a  janitor 
than  you  are  to  becoming  a  millionaire. 

4.  If  you  do  have  a  computer  and  e-mail,  you  have  already  been  taken  to  the  cleaners  by 
Microsoft. 

[Received via Internet e-mail; this is an Urban Legend; see http://www.snopes2.com/
or Brunvand, Jan Harold. The Baby Train. New York: W. W. Norton, 1993, pp. 155-156 or
Cobb, Irvin S. A Laugh a Day Keeps the Doctor Away. New York: Garden City Publishing,
1923.]

Digital  Certificate 

An electronic credential used to identify individuals when doing business or other
transactions electronically. It contains an individual's name, public key, a serial number,
expiration dates, and additional data describing the individual. It also contains a digital
signature(s) certifying its authenticity. Digital certificates are a key element in public key
infrastructure encryption. It should be controlled via key management infrastructure,
utilizing registration and certification authorities. Standards include "pretty good
privacy" (PGP) and X.509; however, certificate compatibility is a major issue. See
middleware and PKEnable.
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci211947,00.html.
Also, certificates may be hackable — see Microsoft Security Bulletin
MS01-017 "Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard"
(originally posted: March 22, 2001, Updated: March 28, 2001),
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/security/bulletin/ms01-017.asp,
that addresses an instance in which a hacker conned VeriSign into issuing a bogus
certificate by posing as a valid employee of a client firm.

The Public Key Infrastructure Steering Committee helped create the Federal Bridge
Certificate Authority, http://csrc.nist.gov/pki/fbca/welcome.html, that enables
departments and agencies to issue digital certificates. Under contract with the
government, Digital Signature Trust and AT&T also worked with industry partners, such
as VeriSign, to develop Access Certificates for Electronic Services,
http://hydra.gsa.gov/aces/index.htm, the foundation for current government-wide PKI
solutions.


The Internet is like a herd of performing elephants with diarrhea — massive, difficult to
redirect, awe-inspiring, entertaining and a source of mind boggling amounts of excrement
when you least expect it. (Gene Spofford, quoted by Des MacHale in Wit, Roberts Rinehart,
Boulder, CO, 1998, p. 204.)

Digital  Millennium  Copyright  Act  (DMCA)  of  1988 

Prohibits  circumvention  of  technical  measures  controlling  access  to  protected  works 
(effective  in  2000)  as  well  as  manufacture,  importation,  offer  to  the  public,  provision,  or 
trafficking  in  any  technology,  product,  service,  device,  component,  or  part  thereof 
primarily  designed  or  produced  to  circumvent  a  technical  measure,  or  knowingly 
marketing  devices  to  circumvent  technical  measures.  Exceptions  include  lawfully 
authorized  law  enforcement,  intelligence,  and  other  governmental  activities;  for  reverse 
engineering  to  achieve  interoperability  with  other  computer  programs;  for  good  faith 
conduct  of  encryption  research;  and  to  disable  features  which  collect  or  disseminate 
identifying  information  reflecting  the  online  activities  of  a  natural  person  (IRMC 
Advanced  Information  System  Acquisition  Course).  Primarily  affects  code-crackers  and 
software  pirates;  limits  liability  of  service  providers  such  as  Internet  service  providers  and 
colleges  (IRMC  Developing  Enterprise  Security  Strategies,  Guidelines,  and  Policies 
Course). 


If you steal from one author, it's plagiarism. If you steal from many, it's research.
(Wilson Mizner, in 3,500 Good Quotes for Speakers, Gerald F. Lieberman, Ed., Doubleday,
Garden City, NY, 1983, p. 180.)

Digital  Signature 

An  electronic,  rather  than  a  written,  signature  that  can  be  used  by  someone  to 
authenticate  the  identity  of  the  sender  of  a  message  or  of  the  signer  of  a  document.  It  can 
also  be  used  to  ensure  that  the  original  content  of  the  message  or  document  that  has  been 
conveyed  is  unchanged.  Additional  benefits  to  the  use  of  a  digital  signature  are  that  it  is 
easily  transportable,  cannot  be  easily  repudiated,  cannot  be  imitated  by  someone  else,  and 
can be automatically time-stamped (Glossary of IM/IT & KM Terms). Digital signatures are
key elements in public key infrastructure encryption. They should not be confused with
electronic signatures that are digital representations of a person's physical signature. To
preserve privacy, blinded digital signatures prevent banks from tracking digital bill serial
numbers. The government of Canada, Communications Security Establishment, issued
What is a Digital Signature? http://www.cse-cst.gc.ca/en/services/pki/ds.html and IDG
News Service published Margaret Johnston's Digital Signatures Take Effect in United States
on October 1, 2000 (IRMC Managing Networked Security in a Networked Environment
Course).


A  verbal  agreement  isn't  worth  the  paper  it's  written  on.  (Samuel  Goldwyn,  quoted  by 
Noah  ben  Shea  in  Great  Jewish  Quotes,  Ballantine,  New  York,  1993.) 

Digital  Subscriber  Line  (DSL) 

A  technology  for  bringing  high-bandwidth  information  to  homes  and  small  businesses 
over  ordinary  copper  telephone  lines.  Assuming  your  home  or  small  business  is  close 
enough  to  a  telephone  company  central  office  that  offers  DSL  service,  you  may  be  able  to 
receive  data  at  rates  up  to  6.1  megabits  (millions  of  bits)  per  second  (of  a  theoretical  8.448 
megabits  per  second),  enabling  continuous  transmission  of  motion  video,  audio,  and  even 
3-D effects. More typically, individual connections will provide from 1.544 mbps to 512
kbps downstream and about 128 kbps upstream. A DSL line can carry both data and
voice signals, and the data part of the line is continuously connected (Glossary of IM/IT &
KM Terms). Telephone line connection for personal use that delivers 640 kbps bandwidth
to  consumers.  This  enables  VTC  for  personal  use  (IRMC  New  World  of  the  CIO  Course). 
Since  DSL  utilizes  a  sharing  technique,  there  are  security  risks  associated  with  its  use.  DSL 
users  should  provide  their  own  personal  firewalls  and  other  computer  security  software 
to  protect  their  systems  from  attack  or  use  and  control  by  outside  parties. 

We're lost, but we're making good time. (Yogi Berra, The Yogi Book, Workman
Publications,  New  York,  1998,  p.  51.) 

Digital  Versatile  Disk  (DVD) — see  Optical  Storage  Devices 

A  digital  storage  device/medium  holding  4.7  Gbs/layer,  equivalent  to  7  CD-ROMs. 
DVDs  are  8-10  times  as  fast  as  CD-ROMs,  yet  they  are  backwards  compatible  (i.e.,  DVD 
devices  can  read  CD-ROMs).  DVDs  are  frequently  used  for  motion  pictures  (movies).  A 
DVD can hold a movie with up to eight languages; support letterbox aspect ratio (16:9);
lasts up to 2 hours and 13 minutes; and costs about $20/movie. Fidelity is excellent.
DVD-ROMs are becoming more prevalent — especially as applications grow in size (e.g.,
Microsoft's  EnCarta  is  on  two  CD-ROMs)  (IRMC  New  World  of  the  CIO  Course). 

All life is only a set of pictures in the brain, among which there is no difference betwixt
those born of real things and those born of inward dreamings, and no cause to value the one
above the other. (H. P. Lovecraft, "The Silver Key," The Dream Quest of Unknown Kadath,
p. 151.)

Direct  Sequence  Spread  Spectrum  (DSSS)  or  (DS-CDMA) 

DSSS  is  one  of  two  main  methods  of  implementing  spread  spectrum  processing  (the 
other  is  frequency-hopping  spread  spectrum,  FHSS)  to  reduce  interference  in  radio 
frequency (RF) signals (and make them more difficult to intercept). In spread spectrum,
the  frequency  of  the  signal  is  split  into  portions  (1  MHz  channels)  that  are  spread  through 
the  allowable  bandwidth  (for  wireless  IT,  this  is  an  83.5  MHz  band).  DSSS  is  also  known 
as  direct  sequence  code  division  multiple  access  (DS-CDMA).  With  DSSS,  a  data  signal  is 
combined  with  a  chipping  code  that  divides  the  data  over  the  band  according  to  a 
spreading ratio. The redundant chipping code helps with resistance to interference and
with data recovery if bits are damaged during transmission. Compared with FHSS, DSSS
has greater range, higher data rates for individual users, tolerance of narrow band
interference, and better voice quality. However, it also has higher power, is less secure
against eavesdropping, has a limited number of channels and lower data rates for multiple
users, and costs more than FHSS (IRMC Managing Networked Security in a Networked
Environment Course).
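
The spreading and recovery described in this entry, worked through as an added example (it is not part of the original text). It assumes an 11-chip Barker sequence as the chipping code, models damage as flipped chips and narrow band interference as a constant offset on every chip, and all function names are hypothetical.

```python
"""DSSS spreading/despreading sketch (added example; names are hypothetical)."""

# Assumption: an 11-chip Barker sequence as the chipping code, which gives a
# spreading ratio of 11. The glossary entry itself names no particular code.
BARKER_11 = [1, 1, 1, -1, -1, -1, 1, -1, -1, 1, -1]


def spread(bits, code=BARKER_11):
    """Map each data bit to +1/-1 and multiply it by every chip of the code."""
    chips = []
    for bit in bits:
        symbol = 1 if bit else -1
        chips.extend(symbol * c for c in code)
    return chips


def despread(chips, code=BARKER_11):
    """Correlate each code-length window of the chip stream with the code.

    Returns (bits, margins). The sign of the correlation is the decoded bit;
    its magnitude is the headroom left before the bit would be misread.
    """
    n = len(code)
    if len(chips) % n:
        raise ValueError("chip stream is not a whole number of symbols")
    bits, margins = [], []
    for start in range(0, len(chips), n):
        corr = sum(x * c for x, c in zip(chips[start:start + n], code))
        bits.append(1 if corr > 0 else 0)
        margins.append(abs(corr))
    return bits, margins


def flip_chips(chips, positions):
    """Model chips damaged in transit by inverting them."""
    out = list(chips)
    for p in positions:
        out[p] = -out[p]
    return out


def add_offset(chips, amplitude):
    """Model the simplest narrow band interferer: a constant added to every chip."""
    return [x + amplitude for x in chips]


def demo():
    data = [1, 0, 1, 1, 0]  # constructed sample payload
    tx = spread(data)
    # 5 of 11 chips damaged in symbol 0 and 3 of 11 in symbol 2.
    burst = flip_chips(tx, [0, 2, 4, 6, 8, 22, 23, 24])
    jammed = add_offset(tx, 5)
    # The same interferer against an unspread signal (code of length 1).
    unspread = add_offset(spread(data, code=[1]), 5)
    return {
        "burst": despread(burst),
        "jammed": despread(jammed),
        "unspread": despread(unspread, code=[1]),
    }


if __name__ == "__main__":
    for name, (bits, margins) in demo().items():
        print(f"{name:9s} bits={bits} margins={margins}")
```

With 11 chips per bit the receiver tolerates up to 5 damaged chips in a symbol; a sixth flips the decoded bit. The code is fixed and known to every receiver, so spreading by itself does not keep the data confidential.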


It's deja vu all over again! (Yogi Berra, The Yogi Book, Workman Publications, New
York,  1998,  p.  30.) 


Disaster Recovery — see Continuity Of Operations Plan (COOP)

This  is  the  process  of  reestablishing  operations  after  a  disaster  occurs.  Its  success  is 
highly  dependent  upon  proper  advance  planning,  such  as  is  performed  when  creating  a 
continuity  of  operations  plan  (COOP).  It  is  part  of  the  discipline  of  assuring  the 
information  infrastructure  (Assuring  the  Information  Infrastructure  Course)  when 
applied  to  IT.  Disasters  can  be  natural  (e.g.,  an  earthquake)  or  artificial  (bomb  or  attack, 
electronic  or  physical).  The  Federal  Emergency  Management  Agency  (FEMA)  was  created 
to address disasters. FEMA tracks natural disasters on its site:
http://www.esri.com/hazards/. See Lucie Juneau's "A River Runs Through IT - Disaster
Recovery" CIO Magazine 4/1/98 http://www.cio.com/archive/040198_disaster.html
(IRMC Assuring the Information Infrastructure Course).

Alternative recovery solutions include cold site, alternate internal site, consortium,
commercial hot site, and dedicated hot site in order of cost, effectiveness, and access
(IRMC Assuring the Information Infrastructure Course). Also, see Components of a
Successful Disaster Recovery Plan at
http://disaster-resource.com/articles/components_success_wrobel.shtml
which include the eight R's: reason for planning,
recognition of disaster, reaction to recognition, recovery procedures, restoration of site,
return  to  normal,  rest  and  relax,  re-evaluate  and  re-document  as  well  as  appendices  with 
call  lists,  forms,  hardware  and  software  lists,  network  diagrams,  contractual  agreements, 
duties  and  responsibilities,  etc.  (IRMC  Developing  Enterprise  Security  Strategies, 
Guidelines,  and  Policies  Course). 

If  all  the  rain  that  is  helpful  for  the  production  of  any  element  came  at  once,  would  it  be 
better?  If  all  the  sunshine  came  at  once,  would  it  be  better?  If  all  the  joy,  all  the  sadness  in 
the  life  experience  of  an  individual  were  poured  out  at  once,  would  it  be  better?  (Edgar 
Cayce,  Healing:  Practitioners  and  Mechanical  Aids,  Circulating  File,  pp.  36-7  2153-6,  November 
12, 1940.) 

Discretionary  Access  Control  (DAC) 

Means  of  restricting  access  to  objects  based  on  the  identity  and  need-to-know  of  users 
and  groups  to  which  the  object  belongs.  Controls  are  discretionary  in  the  sense  that  a 
subject  with  a  certain  access  permission  is  capable  of  passing  that  permission  (directly  or 
indirectly)  to  any  other  subject. 

We  don't  need  you.  You  haven't  got  through  college  yet.  (Hewlett-Packard  executive, 
responding  to  Apple  Computer  founders  Steve  Jobs'  and  Steve  Wozniak's  attempts  to 
interest  the  company  in  the  "personal  computer"  they  had  designed,  1976,  quoted  by 
Christopher  Cerf  and  Victor  Navasky  in  The  Experts  Speak,  Villard,  NY,  1984,  p.  231). 

Distributed  Database 

A  database  that  consists  of  two  or  more  data  files  located  at  different  sites.  Because  the 
database  is  distributed  (or  virtual),  it  can  be  created  from  preexisting  databases  using 
middleware  and  avoiding  expensive  processing  and  rewrite.  It  can  also  avoid  the  risk  of 
single-point  failures. 

At  best,  however,  databases  only  complement  the  personal  networks  of  those  seeking 
answers  to  problems.  No  matter  how  robust  the  search  functionality  or  how  customized  the 
database,  a  person's  network  of  human  relationships  often  determines  which  knowledge 
they  access.  People  usually  take  advantage  of  databases  only  when  colleagues  direct  them 
to  a  specific  point  in  the  database.  For  example,  it  is  common  for  people  to  ask  other  people 
for  information  and  to  be  directed  to  a  specific  point  in  a  database  for  lessons  or  tools. 

Alternatively,  people  might  point  out  work  products,  such  as  legal  documents  developed 
for  other  cases  or  sales  presentation  materials  that  could  be  reused  with  some  modification 
in  the  current  situation.  Rather  than  engaging  in  an  extensive  search  through  an 
organization's  repository  of  knowledge,  employees  turn  first  to  friends  and  peers  to  learn 
where  to  find  relevant  knowledge.  (Rob  Cross  and  Lloyd  Baird,  "Technology  is  Not 
Enough;  Improving  Performance  by  Building  Organizational  Memory,"  Sloan  Management 
Review,  2000,  Vol.  41,  No.  3,  Spring,  MIT  reprint  No.  4135,  Cambridge,  MA,  p.  71.) 

Distributed  Denial  Of  Service  (DDOS)  attacks — see  Denial  of  Service  Attacks 

A  malicious  attack  on  a  system  or  network  orchestrated  from  a  number  of  different 
attack  sites  simultaneously  to  shut  down  the  system  by  overloading  its  capacity.  A 
number  of  popular  commercial  sites  have  been  shut  down  temporarily  due  to  DDOS 
attacks.  Internet  service  providers  can  protect  systems  against  such  attacks. 

The interlocking chain-mail logic of the underlying assumption ... a vision whose very
articulation  will  put  in  peril  the  stately  grandeur  of  the  status  quo.  (Stephen  Denning,  The 
Springboard,  Butterworth-Heinemann,  Boston,  2001,  p.  12.) 

Distributed  Learning  or  Distance  Learning — see  e-Learning 

Structured  learning  that  takes  place  without  requiring  the  physical  presence  of  an 
instructor. Distributed learning may use multimedia such as: audio/videotapes,
CD-ROMs, audio/video teletraining, correspondence courses, interactive television, and
video conferencing (Glossary of IM/IT & KM Terms).

A  professor  who  has  taught  for  many  years  was  counseling  a  young  teacher.  "You  will 
discover,"  he  said,  "that  in  nearly  every  class  there  is  a  youngster  eager  to  argue.  Your  first 
impulse  will  be  to  silence  him.  I  advise  you  to  think  carefully  before  doing  so.  He  probably 
is the only one listening." (Jacob Braude, New Treasury of Stories for Every Speaking and
Writing  Occasion,  Prentice  Hall,  Inc.,  Englewood  Cliffs,  NJ,  June  1961,  p.  382.) 

Distributed  Processing 

A  technique  using  a  multiplicity  of  separate  computers  in  parallel  to  multiply 
processing  power.  Supercomputing  power  has,  for  instance,  been  achieved  by  ganging 
many  personal  computers  together  to  solve  a  problem.  The  National  Science  Foundation 
has  a  program  wherein  participants  (e.g.,  universities)  voluntarily  allow  access  to  their 
large  computer  systems  so  that  a  virtual  super  supercomputer  can  be  created  via 
distributed processing. This computer is more powerful than any single computer created
thus  far. 


A  conference  is  a  gathering  of  important  people  who  singly  can  do  nothing  but  together 
can  decide  that  nothing  can  be  done.  (Fred  Allen,  in  3,500  Good  Quotes  for  Speakers,  Gerald  F. 
Lieberman,  Ed.,  Doubleday,  Garden  City,  NY,  1983,  p.  55.) 

Document  Management 

The  storage,  retrieval,  tracking,  and  administration  of  documents  within  an 
organization.  Originally,  it  constituted  manual  file  cabinets  to  store  paper-based 
documents,  alphabetized  based  on  the  document's  contents.  Since  the  widespread  use  of 
computer  technologies,  document  management  now  also  applies  to  electronic  documents 
and  paper-based  documents  that  have  been  converted  to  electronic  form.  These  electronic 
documents  exist  in  a  variety  of  formats,  including  word-processing  files,  spreadsheets, 
graphics,  video,  audio,  bit-mapped  images,  and  compound  documents  incorporating 
multiple  formats.  IT  document  management  tools  are  used  to  access  electronic 
documents.  Document  management  gives  users  the  ability  to  retrieve  and  manage 
information  in  an  efficient  manner. 


Our  words  fly  like  arrows,  as  though  we  knew  what  was  right  and  wrong.  We  cling  to 
our  own  point  of  view  as  though  everything  depended  on  it.  And  yet  our  opinions  have  no 
permanence:  like  autumn  and  winter,  they  gradually  pass  away  ...  Joy  and  anger,  sorrow 
and  happiness,  hope  and  fear,  indecision  and  strength,  humility  and  willfulness, 
enthusiasm  and  insolence  ...  continually  appear  before  us  day  and  night.  No  one  knows 
where  they  come.  Don't  worry  about  it!  Let  them  be!  How  can  we  understand  it  all  in  one 
day? (Chuang Tsu, Inner Chapters, trans. Gia-fu Feng and Jane English, Vintage Books
(Random  House),  New  York,  1974,  p.  22.) 

Domain 

A  sphere  of  influence  or  activity;  a  set  of  admissible  elements  or  entries  (range  and 
domain  of  a  variable).  Domains  are  easily  envisioned  in  terms  of  Venn  diagrams.  They 
can  also  be  described  logically  via  set  theory  and  Boolean  algebra.  A  domain  has  a 
homogeneous  rationale  or  rule  for  what  is  included  in  the  domain  and  what  is  not 
included.  The  general  approach  usually  is  one  of  either  clustering  or  clumping.  High-level 
domains  tend  to  be  intuitively  obvious.  KM,  IT,  systems  engineering,  etc.,  all  can  be 
considered  domains.  In  the  Naval  Facilities  Engineering  Command's  (NAVFAC) 
engineering  network,  the  sub-domains  of  building  facilities  have  been  specified  as  31 
technical disciplines. Each of these domains has a leader and a supporting community of
practice.  Domains  can  be  considered  components  of  an  overarching  taxonomy. 

However,  "the  effect  of  categorizing  problems  by  disciplines  is  that  they  then  tend  to 
be attacked only by people in that discipline" (Russell Ackoff—see systems management)
(IRMC Leadership for the 21st Century Course). NAVFAC approached this vulnerability
by establishing a cross-disciplinary community consisting of the 31 technical discipline
leaders  (TDLs)  to  cross-pollinate  across  the  entire  enterprise. 

The initial section of a URL. See http://www.l0pht.com/ for a site selling domain
names. 


Expertise  is  knowing  where  to  look  it  up.  Seventy  percent  of  the  literature  in  your  field 
is  garbage  and  expertise  is  knowing  which  70  percent.  (Claudia  Lipschultz,  personal 
communication,  February  24, 1999,  Washington,  DC.) 

Domain  Name  Server  (DNS) 

The DNS is the entity that directs Web browsers to specific sites (via uniform resource
locators, or URLs) — Macromedia (http://www.macromedia.com), for example.
Unfortunately, hackers sometimes attack the DNS in order to route users to their own
bogus/imposter sites which spoof the user's intended target site.

He  who  laughs,  lasts.  (Leo  Rosten.  Leo  Rosten's  Carnival  of  Wit,  E.  P.  Dutton  &  Co.,  New 
York,  1994,  p.  271.) 

dot  com,  dot-com,  or  .com 

"Com"  is  the  ending  or  extension  on  e-mail  and  World  Wide  Web  addresses  for 
commercial enterprises; dot coms, therefore, are commercial activities that are Internet
active. Their financial fortunes at first were highly evaluated resulting in very large
price/earnings ratios, but more recently they have fallen dramatically.

The  wayside  of  business  is  full  of  brilliant  men  who  started  out  with  a  spurt  and  lacked 
the  stamina  to  finish.  Their  places  were  taken  by  patient  and  unshowy  plodders  who  never 
knew when to quit. (Jacob Braude, New Treasury of Stories for Every Speaking and Writing
Occasion, Prentice Hall, Inc., Englewood Cliffs, NJ, June 1961, p. 271.)

Downstream Liability

If  a  hacker  uses  your  computer  in  an  attack  and  you  didn't  do  adequate  security,  you 
are  legally  liable  (IRMC  Developing  Enterprise  Security  Strategies,  Guidelines,  and 
Policies  Course). 

People  who  fight  fire  with  fire  usually  end  up  with  ashes.  (Abigail  Van  Buren,  quoted 
by  Bill  Kane  in  Gold  Nuggets,  [manuscript],  Alexandria,  VA,  1994.) 

Drill Down — see Crawlers, Data Mining, Data Warehouse, Drill Up, and Online
Analytical  Processing 

Narrowing  one's  search  to  locate  a  lower  level  of  abstraction  (i.e.,  more  detailed  or 
specific)  result.  Most  search  engines  allow  the  user  to  narrow  their  search.  Based  on  the 
parameters  set  by  the  knowledge  administrator  or  common  search  delimiters  such  as 
Boolean search coordinates, a user can narrow the topic to get more relevant results.
Some search engines and portal technologies use knowledge hierarchical topic mapping
to produce the weighted results as well as a more manageable number of knowledge object
finds  (USA).  Drilling  down  is  also  used  in  searching  through  databases  and  data 
warehouses  using  such  techniques  as  data  mining  and  online  analytical  processing. 
Drilling  up  is  the  opposite  of  drilling  down. 

I  never  let  my  schooling  interfere  with  my  education.  (Mark  Twain,  in  3,500  Good  Quotes 
for  Speakers,  Gerald  F.  Lieberman,  Ed.,  Doubleday,  Garden  City,  NY,  1983,  p.  211.) 

Drill  Up — see  Drill  Down 

Widening one's search to locate a higher level of abstraction (less detailed or specific
and more general) result. Most search engines allow users to expand their search. Based
on the parameters set by the knowledge administrator or common search tools such as
dates, suggested terminology, etc., a user can expand the topic to get more relevant
results.  Some  search  engines  and  portal  technologies  use  knowledge  hierarchical  topic 
and  discovery  mapping  to  produce  the  more  relational  knowledge  object  searches  (USA). 
Drilling  up  is  also  used  in  searching  through  databases  and  data  warehouses  using  such 
techniques  as  data  mining  and  online  analytical  processing.  Drilling  up  is  the  opposite  of 
drilling  down. 


Forrest  Gump  died  and  went  to  Heaven  where  he  was  met  at  the  Pearly  Gate  by  St. 
Peter  himself.  The  gates  were  closed,  so  Forrest  approached  the  gatekeeper,  St.  Peter,  who 
greeted  Forrest,  saying,  "Well,  Forrest,  it’s  certainly  good  to  see  you.  We  have  heard  so 
many  good  things  about  you.  However,  there  is  an  entrance  quiz  for  everyone.  The  tests  are 
short,  but  you  need  to  pass  before  you  can  get  into  Heaven."  Forrest  responded,  "It  sure  is 
good  to  be  here,  St.  Peter.  I  have  been  looking  forward  to  this,  but  nobody  ever  told  me 
about  any  entrance  exam.  Sure  hope  the  test  isn't  too  hard.  Life  was  a  big  enough  test  as  it 
was." St. Peter explained, "I know, Forrest, but the test has only three questions: (1) What
days of the week begin with the letter 'T'? (2) How many seconds are there in a year? (3)
What is God's first name?" Forrest went away to think the questions over and returned the
next day to St. Peter to try to answer the exam questions. St. Peter waved him up and asked,
"Now that you have had a chance to think the questions over, tell me your answers."
Forrest responded, "Well, to the first one, how many days of the week begin with the letter
'T'? Shucks, that one's easy. That'd be today and tomorrow." The Saint's eyes opened wide
as he exclaimed, "Forrest! That's not what I was thinking. But you do have a point, and I
guess  I  didn’t  specify,  so  I  will  give  you  credit  for  that  answer.  How  about  the  next  one: 
'How  many  seconds  in  a  year?'"  "Now  that  one's  harder"  said  Forrest,  "but  I  thought  and 
thought  about  that  and  I  guess  the  only  answer  can  be  twelve."  Astounded,  St.  Peter 
exclaimed,  "Twelve!  Twelve!  Forrest,  how  in  Heaven's  name  could  you  come  up  with 
twelve seconds in a year?" Forrest answered, "Aw, come on, St. Peter, there's gotta be
twelve.  January  second,  February  second,  March  second  ..."  "Hold  it,"  interrupted  St. 
Peter.  "I  see  where  you're  going  with  it.  I  guess  I  see  your  point,  though  that  wasn't  quite 
what  I  had  in  mind,  but  I'll  give  you  credit  for  that  one  too.  Let's  go  on  with  the  next  and 
final  question.  Can  you  tell  me  God's  first  name?"  Forrest  replied,  "Andy."  When  St.  Peter 
asked  Forrest  how  in  the  world  he  came  up  with  the  name  Andy,  Forrest  replied,  "You 
know,  St.  Peter,  that  song  we  sing  in  church:  'Andy  walks  with  me;  Andy  talks  with  me.'" 
The  lesson:  There  is  always  another  point  of  view,  and  just  because  another  person  doesn't 
see  things  the  same  way  or  understand  the  same  way  that  you  do,  does  not  necessarily 
mean  that  the  other  person's  viewpoint  is  wrong.  [Internet  e-mail  story.] 

Early Adopters

In  the  change  management  life  cycle,  early  adopters  are  the  first,  small  group  to  try 
out  a  new  concept,  product,  etc.  This  paradigm  has  been  addressed  in  the  product  life 
cycle  studied  under  the  marketing  discipline.  This  group  is  outside  the  majority,  who  are 
within  one  standard  deviation  of  the  mean  (68  percent  of  the  distribution).  Since  the 
normal  distribution  is  symmetrical,  the  remaining  32  percent  is  equally  distributed  on  the 
two  sides  of  the  mean,  each  being  16  percent.  This  approximates  the  Pareto  Principle's 
80:20  rule.  Price  Pritchett  describes  the  various  sub-groups  during  change  management  in 
several  books  including  High  Velocity  Culture  Change.  Early  adopters  are  often  referred  to 
during  major  technological  transitions  such  as  the  implementation  of  the  public  key 
infrastructure  or  Navy/Marine  Corps  Intranet. 

Do  not  follow  where  the  path  leads.  Rather,  go  where  there  is  no  path  and  leave  a  trail. 

(Poster) 

Earned  Value  Management  (EVM)  System  (EVMS) 

A  technique  for  managing  contractor  or  developer  performance  on  a  project  against  a 
baseline. EVM was formerly referred to as cost/schedule control systems criteria
(C/SCSC).  Work  packages  have  estimated  costs  associated  with  them  in  accordance  with 
a  predefined  work  breakdown  structure.  As  time  goes  on  the  value  of  work  actually 
performed  (budgeted  cost  of  work  performed,  or  BCWP)  is  compared  with  the  funds 
actually  spent  (actual  cost  of  work  performed,  or  ACWP)  to  calculate  any  overrun  or 
underrun. A cost performance index (CPI) is calculated as ACWP/BCWP. This is the
slope  of  the  curve  (usually  plotted  pictorially  for  program  reviews  and  reports).  Similarly, 
schedule  variances  and  the  schedule  performance  index  (SPI)  are  calculated  from  the 
same  BCWP  and  from  the  estimated  cost  according  to  the  baseline  schedule  (budgeted 
cost  of  work  scheduled)  taken  from  the  project  plan  curve  (created  at  the  beginning  of  the 
project  or  as  updated  via  a  baseline  change  thereafter).  The  schedule  variance  is  the 
BCWS-BCWP  and  SPI  =  BCWS/BCWP.  The  original  budget  total  is  called  the  BAC 
(budget  at  completion).  An  overrun  would  generate  a  new  estimate  at  completion  (EAC) 
that  can  be  calculated  from  the  indices  described  above.  The  difference  (EAC-BAC)  is  the 
estimate  to  complete  (ETC).  See  J.  Davidson  Frame's  "Integrating  Cost  and  Schedule 
Control  to  Measure  Work  Performance"  in  The  New  Project  Management,  Jossey-Bass,  1994; 
Christen,  Major,  and  Ferns'  "Using  Earned  Value  for  Performance  Measurement  on 
Software  Development  Projects,"  Acquisition  Review  Quarterly,  Spring  1995,  pp.  155-69; 
David  Christensen's  "The  Cost  and  Benefits  of  the  EVM  Process,"  Acquisition  Review 
Quarterly,  Fall  1998,  pp.  373-83;  Fleming  and  Koppleman's  "Earned  Value  Project 
Management — a  Powerful  Tool  for  S/W  Projects,"  Crosstalk,  July  1998,  pp.  19-23;  and 
"Major  Acquisitions — Significant  Changes  Underway  in  DoD's  EVM  Process" 
GAO/NSIAD-97-108,  May  1997  (IRMC  Advanced  Software  Acquisition  Management 
Course). 

Winsight tool: (Select Operations; Strategic Planning and Policy Coordination,
Software Acquisition Risk Management): http://www.sed.monmouth.army.mil/se
http://www.acq.osd.mil/pm

National Contract Management Association (NCMA): http://www.ncmahq.org.

It  is  a  gentleman's  first  duty  to  put  back  into  the  world  at  least  the  equivalent  of  what  he 
has  taken  out  of  it.  (Albert  Einstein,  quoted  by  Harold  B.  Walker  in  "Four  Challenges  to 
Hope,"  Rosicrucian  Digest,  Vol.  LI  No.  4,  April  1973.) 

C/SCSC curves are like a lie detector test. (CAPT Dave Fitch, USN, PMWIOI May 9
1995.)

Economic  Espionage  Act  (EEA)  of  1996,  P.  L.  104-294, 10/11/96 

Specifically  proscribes  economic  espionage  acts  (filling  gaps  and  inadequacies  of  prior 
laws)  and  the  national  security  aspects  of  such  crimes.  Provides  forfeiture  of  proceeds, 
confidentiality of prosecution, and extraterritorial jurisdiction. It makes theft of trade
secrets a federal crime with stiff penalties/prison sentences and includes attacks on
computers  and  their  informational  contents  (IRMC  Assuring  the  Information 
Infrastructure  Course). 


The  reason  we  do  not  have  inflation  or  unemployment  in  Austria  is,  we've  exported  all 
our  economists  to  the  United  States  and  Canada.  (Anonymous  Austrian  diplomat,  in  3,500 
Good Quotes for Speakers, Gerald F. Lieberman, Ed., Doubleday, Garden City, NY, 1983,
p. 78.)

electronic  Business  (eB  or  eBusiness) 

The  electronic  interchange  and  processing  of  knowledge,  information,  and  data  for 
business  purposes.  It  encompasses  eCommerce  but  also  includes  digitizing  or  automating 
other  business  processes.  It  implies,  but  does  not  ensure,  the  application  of  business 
process  improvement  or  reengineering  to  streamline  business  processes  prior  to  the 
incorporation  of  technologies  facilitating  the  electronic  exchange  of  business  information. 
If  applied  only  cosmetically  ("paving  the  cow  paths"),  it  provides  little  improvement  in 
operations  or  efficiency.  DoDD  8190.2,  DoD  eB/eC  Program,  applies  DoDD  5200.28 
(Security Requirements for AISs) to eB and eC systems and states that "eB/eC information
must be exchanged, processed, stored, manipulated, and disseminated with the assurance
that it is not being exploited, modified, or disrupted by adversaries, interlopers, or
competitors." The Department of Defense (DoD) Chief Information Officer issued the
DoD EB/EC Strategic Plan in May 1999 (IRMC Managing Networked Security in a
Networked Environment Course). See IBM/Lotus http://www.techweb.com/netbiz
and http://www.compaq.com/solutions/showroom/siebel.html (IRMC Data
Management Strategies and Technologies Course). "It's eBiz or bDead" (CERIAS Security
Visionary Roundtable Call to Action, v. 1.0, p. 22; Accenture (formerly Andersen Consulting)
and The Center for Education and Research in Information Assurance and Security
(CERIAS) at Purdue University, 2001) (IRMC Developing Enterprise Security Strategies,
Guidelines, and Policies Course). "Visa International recently reported that half of all
credit card disputes concerned Internet transactions, although they accounted for only 2
percent of its overall business. Businesses must be able to identify a customer and
determine that the customer's use of the credit card is authorized, and in turn, customers
must be assured on the legitimacy and security of the business site." (Walker, Peter.
"Watch out for the Web," Credit Management, March 2000, pp. 24-25, as quoted by
Garceau, Linda R. "Internet fraud" Ohio CPA Journal, Columbus July-September 2000,
Vol. 59, Issue 3, Pages 50-55, 423-439-4432). Presently, many Web sites employ Secure
Sockets Layer encryption to ensure confidentiality, integrity, and authenticity of the data.
But it does not authenticate the customer to the merchant (IRMC Developing Enterprise
Security Strategies, Guidelines, and Policies Course author's final paper, PKI
Vulnerabilities).

Defense  Electronic  Business  Program  Office: 
http://www.defenselink.mil/acq/ebusiness/

Alliance for Converging Technologies: http://www.cKtnet.com

Business 2.0: http://www.business2.com

Cyber Atlas: http://www.cyberatlas.internet.com.

So  SF  [Science  Fiction]  teaches  us  that  those  who  do  not  remember  the  future  are 
condemned  to  repeat  it.  (Nancy  Burnett,  NAVSEA) 

electronic  Checks  (e-Checks)  or  Digital  Checks 

E-checks were designed specifically for the Internet. They are digitally signed and
e-mailed with payment related information to the payee. The payee then verifies the
identity of the payer, endorses the check with his or her own digital signature, and
deposits (e-mails) the e-check to a financial institution. The Department of the Treasury
began using e-checks in 1998. Over $10 million in e-checks has been issued. E-checks can
substantially reduce the cost of business (Leadership for the New Millennium: Delivering On
Digital Progress and Prosperity, third annual report of the U.S. Government Working
Group on Electronic Commerce, January 16, 2001).

A  nickel  ain't  worth  a  dime  anymore.  (Yogi  Berra,  The  Yogi  Book,  Workman 
Publications,  New  York,  1998,  p.  19.) 

electronic  Commerce  (eC  or  eCommerce)— see  eBusiness,  Business  Process 
Reengineering 

The buying and selling of goods and services on the Internet, especially the World
Wide Web. Often this term and the term "eBusiness" are used interchangeably. In
practice, e-Commerce is usually restricted to the process of buying, selling, and paying;
e-Business refers to the digitalization of a vast area of business processes. For online retail
selling, the term e-tailing is sometimes used (Glossary of IM/IT & KM Terms). IRMC
identifies six eC levels: simple passive advertising, tracking "hits" to understand
demographics, generating leads (visitors leave information), allowing visitors to order
items, order fulfillment directly via the Internet, and active content and service oriented.
Secure eC transactions can be performed in different ways, including cybercash,
DigiCash, e-checks, First Virtual, and secure electronic transfer (SET) (IRMC Managing
Networked Security in a Networked Environment Course). The IRMC New World of the
CIO Course defines eC as "the use of IT as a tool to support commerce." Examples
include: home banking, home shopping, e-cash, smart cards, electronic data interchange,
interactive marketing and sales, interactive advertising. It is a more efficient means of
doing business because of lower purchasing costs, reduced inventories, lower cycle times,
better customer service, lower sales and marketing costs, and new sales opportunities.
Booz-Allen and Hamilton estimates that it costs about a penny to conduct a banking
transaction via Internet versus one dollar via a physical bank teller. Online retail sales
were $7.8 billion in 1998, but are expected to reach $29.6 billion (Jupiter Communications)
to $220 billion (IDC) in 2001. The Navy/Marine Corps Intranet (NMCI) contract requires
EDS Corp. to deliver a Web-based tool for ordering, invoicing, and payment of services
ordered under the NMCI contract. Hundreds of transactions have been completed thus
far.

However, organizations that rush to create electronic commerce sites without
understanding the fundamental relationship of business and technology leave themselves
open to catastrophic results: http://www.techrepublic.com/ and
http://members.aol.com/lpangl0473/ec.htm (IRMC Critical Information Systems
Technologies Course). AUCNET is a proprietary computer and satellite communications
system for selling used cars. It clearly differentiates between the traditional marketplace
and the virtual market space. EC is used in many markets including (in order of sales in
1997 according to Forrester Research, Inc.): computer products, travel, entertainment,
gifts/flowers, apparel, food/drink, other.

Government  resources  include: 

Federal eC Program: http://ec.fed.gov
DoD eC Office: http://www.acq.osd.mil/ec/

U.S. government policy: http://www.ecommerce.gov
Scranton ECRC: http://www.ecrc.uofs.edu/.

Government storefronts include: http://www.gsa.gov, http://www.sewp.nasa.gov,
and http://www.emall.dla.mil.

Other storefronts include: http://www.amazon.com, http://www.virtualvin.com,
http://www.peapod.com/. Also see eCommerce news at http://www.allec.com (IRMC
Data Management Strategies and Technologies Course).

IT/KM/eC tools, http://www.microsoft.com/Indonesia/enterprise/itadvisor.html
http://www.acq.osd.mil/ec/ (IRMC Critical Information Systems Technologies Course).
In an ITAA survey, 62 percent of executives named "lack of trust" as the top barrier to eC
(IRMC Assuring the Information Infrastructure Course). On November 30, 2000, the
European Ministers of Justice and Internal Affairs adopted a regulation such that a
consumer in one EU nation having a dispute over a product purchased in another EU
nation may sue the retailer in the consumer's own nation. This is likely to affect e-tailers
with only a virtual presence in some EU nations (IRMC Developing Enterprise Security
Strategies, Guidelines, and Policies Course).

Digital Commerce Center, University of Southern California:
http://www.pc2.edu/dccenter/ok/seminars.html

E-Commerce Times: http://www.ecommercetimes.com
Fast Company: http://www.fastcompany.com/homepage/

Online merchants and off-line services for comparison prices, descriptions,
availability: http://www.mysimon.com

Space and Naval Warfare Systems Command: https://e-commerce.spawar.navy.mil

Lose  no  time;  be  always  employed  in  something  useful;  cut  off  all  unnecessary  actions. 

(Time Management, p. 42. Winwood, Richard I. Excellence through time management by
Richard I. Winwood, with Hyrum W. Smith. Salt Lake City, Utah: Franklin Institute, c1985.
138 p. ill. ; 23 cm.)

Electronic Communications Privacy Act (ECPA), 10/21/86, P. L. 99-508-see Privacy Act
of  1974  and  Foreign  Intelligence  Surveillance  Act 

Prohibits unauthorized interception of electronic communications (e-mail, data
transmissions, videoconferencing, digitized voice, cordless, and cellular telephones, etc.),
prohibits unlawful access to or divulging of stored communications; covers private
networks and common carriers; has exceptions for law enforcement, consensual
monitoring, and operational management of systems. It updates the federal privacy
clause in the Omnibus Crime Control and Safe Streets Act of 1968 to include voice, video,
and data whether transmitted over wire, microwave, or fiber optics. It did not cover
cordless phones, but the Communications Assistance to Law Enforcement Act added
them so warrants are now required for them (IRMC Assuring the Information
Infrastructure Course).

If he does his job properly, he'll understand the purpose of the rules and therefore
know when it is appropriate to make exceptions. (Orson Scott Card, Shadow of the Hegemon,
Tom Doherty Associates, New York, 2000, p. 138.)

Electronic  Data  Interchange  (EDI) 

The computer-to-computer exchange of business data between enterprises. EDI has
been used, for instance, for business-to-business-type transactions with long-term
industry partners. It can be useful for business process reengineering efforts; however, it
has been (to a significant degree) overshadowed since the rise of the Internet. While EDI
can be more technically secure, it also increases risk due to the required trust in one's EDI
partner(s). The information sent via EDI is in the form of a transaction set patterned after
a conventional paper document such as an invoice or purchase order. It can reduce
inventory requirements. In practice, EDI uses an intermediary called a value-added
network (VAN) that acts as a clearinghouse (though point-to-point connections can also
be used via dedicated or leased lines). EDI is tailored to specific user needs and can
reduce costs, order time, and error rates. EDI uses ANSI X12 and UN/EDIFACT
standards that define formats, structures, transaction sets, etc. Standards provide broad
definition of document contents while implementation conventions (ICs) between specific
users identify specific data and information to be shared. However, ICs are often
designed for an industry as a whole. An EDI electronic document is wrapped in an
electronic envelope; EDI software translates the form into EDI format; EDI

documents. DoD help lines: (888) 352-9333 or (616) 961-4725, DSN: 932-4725; fax is
(616) 961-5305. Or: http://www.acq.osd.mil/ec/ and dlis-support@dlis.dla.mil (IRMC Data
Management Strategies and Technologies Course).


Give us strength to accept with serenity the things that cannot be changed.
Give us the courage to change the things that can and should be changed. And give us
wisdom to distinguish one from the other. (Admiral Hart, quoted by Jacob Braude in New
Treasury of Stories for Every Speaking and Writing Occasion, Prentice Hall, Inc., Englewood
Cliffs, NJ, June 1961.)

Electronic  Freedom  Of  Information  Act  (e-FOIA) 

Freedom of Information Act pertaining to electronic forms and documents. The
Amendments of 1996 (eFOIA), which are designed to bring the Freedom of
Information Act into the electronic age by establishing that FOIA
applies to records maintained in electronic formats (softcopy) as well as hardcopy
(Glossary of IM/IT & KM Terms). The intention is to broaden public access to government
information by placing more records online. It is facilitated by directives establishing the
validity of electronic signatures for the vast majority of document types.

They that give up essential liberty to obtain a little temporary safety deserve neither
liberty nor safety. (Benjamin Franklin, in 3,500 Good Quotes for Speakers, Gerald F.
Lieberman, Ed., Doubleday, Garden City, NY, 1983, p. 136.)

Electronic Funds Transfer (EFT) or Electronic Financial Transactions

Electronic transactions and payments. For instance, the Department of
the Treasury now auctions U.S. Treasury securities, and products are entirely electronic

Transportation held a conference on EFT in September 2000 in Washington, DC.
The Defense Finance and Accounting Service (DFAS) pays DoD employees
electronically and provides the Employee/Member Self Service system so that
employees can view their leave and earnings statements, change their exemptions,
etc.: http://emss.dfas.mil

Up  and  down  the  City  Road, 

In  and  out  the  Eagle, 

That's  the  way  the  money  goes — 

Pop goes the weasel!

(From The Oxford Dictionary of Quotations, Oxford University Press, New York, 1980,
p. 328, No. 10.)

Electronic  Government  (e-Gov) 

1) The conversion of government operations by introducing electronic processes to

electronic media. In the Department of the Navy, eGov is specifically and actively
pursued through integrating KM and e-Business. See e-check, electronic funds transfer,
Government Paperwork Elimination Act, etc. Applicants for federal trademark
registration, for instance, can now use the Trademark Electronic Application System
(TEAS) to submit almost all trademark-related forms electronically. Already more than 10
percent of trademark applications are submitted electronically (http://teas.uspto.gov/).

2) eGov is also a nonprofit organization that presents conferences on e-government
and related topics on a regular basis. Such conferences each have a motif specific to that
conference.

Information Technology: OMB Leadership Critical to Making Needed Enterprise
Architecture and E-government Progress. GAO-02-389T (28 pp.) March 21, 2002,
http://www.gao.gov/new.items/d02389t.pdf.


He  who  has  begun  has  half  done.  Dare  to  be  wise;  begin!  (Horace,  ii,  40,  Epistles,  book  I 
from  Familiar  Quotations  by  John  Bartlett,  Little,  Brown  &  Co.,  Boston,  1968,  p.  12  .) 


Electronic Learning (e-learning) — see Distributed Learning

Training or organized learning without the physical presence of a teacher. Various
methods and media can be used to deliver the instruction: audiovisual, CD-ROMs,
video-teletraining, correspondence courses, interactive television or video-conferencing, etc.

The chief knowledge that a man gets from reading books is the knowledge that very
few of them are worth reading. (H. L. Mencken, in 3,500 Good Quotes for Speakers, Gerald F.
Lieberman, Ed., Doubleday, Garden City, NY, 1983, p. 131.)


Electronic  Mail  (e-mail) 

A software application that allows asynchronous message transmissions between
computers and users. They are now contractor off-the-shelf (e.g., Microsoft Outlook) and
generally unsecured. See Richard Behar's "Who's Reading Your e-mail?" Fortune, Vol.
135, No. 2, February 3, 1997, pp. 56-70 (IRMC Advanced Software Acquisition
Management Course). Encryption techniques (e.g., public key infrastructure) can protect
the contents of e-mail. Alternately, Virtual Private Networks can be used.


I do not look upon any system of wireless telegraphy as a serious competition with our
cables. Some years ago I said the same thing and nothing has since occurred to alter my
views. (Sir John Wolfe-Barry, Chief Executive of Western Telegraph Company at their
annual stockholder's meeting in 1907. (Christopher Cerf and Victor Navasky in The Experts
Speak, Villard, NY, 1984, p. 136.)


Electronic  Signature  (e-sign)  Act 

The electronic signatures in global and national commerce act, enacted on June ,
2000 and effective as of October 1, 2000, eliminates legal barriers to the use of electronic
technology to form and sign contracts, collect and store documents, and send and receive
notices and disclosures (from Glossary of IM/IT & KM Terms). Technically, electronic
signatures include devices whereby the customer physically enters his or her actual
signature on a device that digitizes the signature. Antithetically, digital signatures do not
resemble physical signatures at all, but are a computer generated (encrypted) set of
characters.

include a biometric versus a physical signature as an electronic signature
if it is modified via a hash algorithm. While electronic and digital signatures do provide
nonrepudiation they do not replace trust between individual people (IRMC Developing
Enterprise Security Strategies, Guidelines, and Policies Course).

The 90-90 rule of project schedules: The first 90 percent of the project takes 90 percent of
the allotted time. The last 10 percent takes the other 90 percent. (received via Internet e-mail,
author unknown. Probably inspired by Frederick P. Brooks' classic: The Mythical Man-
Month, Essays on Software Engineering, Addison-Wesley, Reading, MA, 1982.)

Engineering Design): If you want to have a maximum effect on the

designing the vehicle to look like the initial artist's concept. (David Akin, professor,
dakin@umd.edu or
http://spacecraft.ssl.umd.edu/academics/akins_laws.html)

Electronic  Vaulting 

An  off-site  backup  technique  that  can  be  part  of  an  organization's  COOP  and  disaster 
Spares  baSons“'’'“"'  butjoumaiing 


13. Design is based on requirements. There's no justification for designing something
one bit better than the requirements dictate.

(David Akin, professor, University
of Maryland, "Akin's Laws of Spacecraft Design" [received via Internet e-mail] and
confirmed by Dr. Akin [dakin@umd.edu or DAKIN@SSL.UMD.EDU]. See
http://spacecraft.ssl.umd.edu/academics/akins_laws.html)

Encryption — see  Cryptography 

The cryptographic method of protecting information from disclosure to unauthorized
persons by encoding the information via algorithm that utilizes protected keys. The keys
may be symmetric or asymmetric. Public key infrastructure uses asymmetric keys (see
asymmetric cryptography above). The strength of the encryption depends upon the


Encryption Key Strength

Key size:     Key space:             Time required for a      Time required for a
No. of bits   No. of possible keys   home computer to break   supercomputer to break

16            65.5 thousand          33.6 ms                  Negligible
32            4.3 billion            36 minutes               2.2 ms
64            1.8 x 10^19            4.5 years                10 hours
128           3.4 x 10^38            5.4 x 10^24 years        5.4 x 10^18 years
256           1.16 x 10^77           1.9 x 10^63 years        1.9 x 10^57 years

Weak encryption stops your kid sister from reading your files, strong encryption stops
major governments from reading your files (Applied Cryptography: Protocols, Algorithms,
and Source Code in C by Bruce Schneier) (IRMC Managing Networked Security in a
Networked Environment Course). Freeware file encryption: http://www.pcmag.com
(IRMC Assuring the Information Infrastructure Course).
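
The key space and search times in the Encryption Key Strength table above follow from the key length alone once a trial rate is fixed. The Python below is an added example, not part of the original encyclopedia; the two trial rates (one key per microsecond, and a machine a million times faster) and all function names are assumptions, so its output need not match the table's figures digit for digit. It also sizes a key for a required protection period.

```python
from fractions import Fraction

# Assumed trial rates in keys tested per second (illustrative, not from the page):
# one key per microsecond, and a machine a million times faster.
HOME_RATE = 10**6
SUPER_RATE = 10**12
SECONDS_PER_YEAR = 365 * 24 * 3600


def key_space(bits):
    """Number of distinct keys of the given length: 2**bits."""
    if bits < 1:
        raise ValueError("key length must be at least 1 bit")
    return 1 << bits


def average_search_seconds(bits, keys_per_second):
    """Expected exhaustive-search time; on average half the key space is tried."""
    if keys_per_second < 1:
        raise ValueError("trial rate must be at least 1 key per second")
    return Fraction(key_space(bits), 2 * keys_per_second)


def humanize(seconds):
    """Render a duration in a unit comparable with the table's columns."""
    s = float(seconds)
    for limit, divisor, unit in (
        (1e-3, 1e-6, "us"),
        (1.0, 1e-3, "ms"),
        (60.0, 1.0, "seconds"),
        (3600.0, 60.0, "minutes"),
        (86400.0, 3600.0, "hours"),
        (float(SECONDS_PER_YEAR), 86400.0, "days"),
    ):
        if s < limit:
            return f"{s / divisor:.3g} {unit}"
    return f"{s / SECONDS_PER_YEAR:.2g} years"


def min_key_bits(keys_per_second, years_of_protection):
    """Smallest key length whose average search time meets the protection period."""
    target = years_of_protection * SECONDS_PER_YEAR
    bits = 1
    while average_search_seconds(bits, keys_per_second) < target:
        bits += 1
    return bits


def extra_bits_for_speedup(speedup):
    """Key bits that cancel out an attacker who becomes `speedup` times faster."""
    if speedup < 1:
        raise ValueError("speedup must be at least 1")
    return (speedup - 1).bit_length()  # ceil(log2(speedup)), exact for integers


def strength_table(sizes=(16, 32, 64, 128, 256)):
    """Rows of (bits, key space, time at HOME_RATE, time at SUPER_RATE)."""
    return [
        (
            bits,
            key_space(bits),
            humanize(average_search_seconds(bits, HOME_RATE)),
            humanize(average_search_seconds(bits, SUPER_RATE)),
        )
        for bits in sizes
    ]


if __name__ == "__main__":
    for bits, space, home, fast in strength_table():
        print(f"{bits:>4} bits  {space:.3g} keys  home: {home:<16} fast: {fast}")
    print("bits that offset a 10**6 speedup:", extra_bits_for_speedup(10**6))
    print("bits for 100 years against the fast machine:", min_key_bits(SUPER_RATE, 100))
```

Each added key bit doubles the search time, so a million-fold faster machine is offset by 20 more bits of key.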

If  you  tell  what  you  know,  everybody  is  wiser.  If  you  keep  a  secret,  then  everyone  is  a 
fool.  (Orson  Scott  Card,  Xenocide,  Tom  Doherty  Books,  New  York,  1991,  p.  511.) 

Enhanced  Data  GSM  Environment  (EDGE) 

A  faster  version  of  the  global  system  for  mobile  (GSM)  wireless  service  designed  to 
deliver  data  at  rates  up  to  384  kbps  and  enable  the  delivery  of  multimedia  and  other 
broadband  applications  to  mobile  phone  and  computer  users.  The  EDGE  standard  is  built 
on  the  existing  GSM  standard,  using  the  same  time-division  multiple  access  (TDMA) 
frame  structure  and  existing  cell  arrangements.  Ericsson  notes  that,  when  available,  its 
base stations can be updated with software (Glossary of IM/IT & KM Terms).


Law of hydrodynamics: When the body is immersed in water, the telephone rings.
(3,500 Good Quotes for Speakers, Gerald F. Lieberman, Ed., Doubleday, Garden City, NY,
1983, p. 212.)

Enterprise — see  Interoperability 

An  organization  considered  as  a  whole  entity  or  system.  Enterprises  today  are  viewed 
as  open  systems — interacting  with  other  systems  and  with  their  environments  versus 
closed  systems  that  are  self-sufficient.  Thus,  enterprises  now  consider  relations 
management  in  working  with  customers  and  suppliers  and  metrics  experts  emphasize 
outcomes  (interactions  with  the  environment  and  its  denizens)  rather  than  outputs 
(inherent  in  the  enterprise  itself).  The  latter,  in  mathematical  terms  would  be  considered 
intermediate  variables  or  conditional  probabilities.  Enterprises  have  a  degree  of 
homogeneity  within  and  heterogeneity  without  (interfacing  with  external  entities).  Each 
government  agency  is  generally  viewed  as  an  individual  enterprise.  However,  in  the 
Department  of  Defense  (DoD),  each  department  is  usually  (except  for  joint  programs) 
viewed  as  an  enterprise.  While  there  are  efforts  to  consider  the  entire  federal  government 
as  an  enterprise,  the  diversity  of  activities  and  orientations  indicates  that  it  is  more  a 
conglomerate  than  a  true  enterprise  (it's  not  homogeneous  enough).  Indeed,  in  a  doctoral 
course  at  the  George  Washington  University,  a  professor  wished  to  compare  and  contrast 
business  processes  between  and  among  government,  industry,  and  nonprofit 
organizations.  But,  this  anecdotal  and  informal  survey  demonstrated  that  while  industry 
and  nonprofits  were  consistent  within  their  categories,  the  government  was  not.  Upon 
investigation,  it  became  quite  apparent  that  the  problem  lay  in  the  differences  between 
civilian  and  military  departments.  A  continuum  appeared  to  exist: 

nonprofits  civilian  agencies  military  departments  industry 

Note the small differences between the first two and between the last two and the
large difference between the civilian and military departments. The great benefits from an
enterprise approach (basically a systems thinking and engineering approach) are based
upon  the  shared  goals  and  essence,  culture,  values,  etc.,  of  the  enterprise.  The  military 
departments  do  vary  somewhat  in  these  areas,  but  they  exhibit  considerable  similarities 
as  well.  The  same  cannot  be  said  of  the  civilian  agencies  versus  DoD.  Thus,  as  noted  or 
implied  by  the  Chief  Information  Officer  Council's  subgroup  on  the  federal  architecture 
framework,  the  potential  gains  for  a  federal  architecture  are  quite  limited  (estimated  at  20 
percent).  One  might  argue  that  most  of  these  potential  gains  would  result  from 
standardizing  across  civilian  agencies  versus  integrating  them  with  DoD.  A  scientific  and 
systems  approach  (e.g.,  using  the  scientific  method)  would  balance  the  advantages  and 
disadvantages  of  centralization  versus  decentralization.  It  would  also  consider  the  ends 
and  the  means. 

The greatest use of a life is to spend it for something that outlasts it. (Henry James,
quoted by Jacob Braude in New Treasury of Stories for Every Speaking and Writing Occasion,
Prentice Hall, Inc., Englewood Cliffs, NJ, June 1961, p. 215.)

Enterprise  Application  Integration  (EAI) 

An  integrated  approach  to  introducing  and  implementing  IT  whereby  an  integrator 
provides  the  entire  solution  (similar  to  a  prime  contractor  or  systems  integrator  in  the 
acquisition  community)  and  is,  thus,  responsible  for  overall  system  performance.  Thus, 
for  instance,  the  EAI  vendor  might  choose  a  particular  enterprise  resource  planning  (ERP) 
solution  that  would  not  meet  all  the  customer's  requirements,  but  would  also  select 
compatible  bolt-ons  or  auxiliary  software  (and  modifications)  to  achieve  overall  system 
performance requirements. See Derek Slater's "The Ties That Bolt," CIO Magazine, April
15, 1999, for a discussion of bolt-ons and their application to ERP as well as of EAI
(http://www.cio.com/archive/041599_erp.html) (IRMC Critical Information Systems
Technologies Course).

The obscure we see eventually, the completely apparent takes longer. (Edward R.
Murrow, quoted by Lawrence J. Peter in The Peter Prescription, William Morrow & Co., New
York, 1972, p. 167.)

Enterprise  Resource  Planning  (ERP) 

ERP  is  a  software  package  that  integrates  what  were  formerly  different  databases 
(hard  or  soft  copy)  across  an  enterprise.  Such  different  domains  as  human  resources, 
finance,  etc.,  can  be  included  in  the  package.  While  the  ERP  uses  a  particular  database 
(often  the  customer  can  select  from  several  options  for  a  given  ERP  vendor's  product),  the 
ERP  itself  includes  a  set  of  business  rules  (and  metadata)  that  can,  to  a  degree,  be  tailored 
to  individual  customer  needs.  Beyond  this  defined  set  of  tailoring  options,  the  customer 
can  write  new  code  that  extends  or  changes  the  ERP.  However,  the  ERP  vendor  will  not 
support  any  special  code  unless  the  customer  can  entice  that  vendor  to  include  the 
changes  in  a  future  version  of  the  ERP.  If  the  change  is  beneficial  to  other  ERP  customers, 
the  vendor  may  elect  to  do  so.  For  instance,  the  Navy  Standard  Integrated  Personnel 
System  (NSIPS)  purchased  PeopleSoft  ERP.  It  included  software  buttons  to  store  and 
recall user comments. However, users could not tell (without pushing the buttons)
whether there were existing comments already loaded. NSIPS wrote code to highlight
these buttons (blacken them) if they accessed a comment (they were gray if there was no
comment). Since this was advantageous to all users (not just NSIPS), PeopleSoft elected to
include it in future upgrades to its ERP package, saving NSIPS the maintenance costs for
the unique modification. Of course, this could also be touted as a successful use of ,
customer. CIO Magazine (October 15, 1999) describes how David Johns of Owens Corning
used ERP but had to revise business practices and address customer interfaces as well
(http://www.cio.com/archive/101599_erp2.html). For the Navy's plan to introduce ERP
and standard data elements, see Robert Berg and Corbin Fauntleroy's A Brief History of the
ERP Efforts in the Revolution in Business Affairs, Center for Naval Analyses, Alexandria,
VA, September 1999: http://www.cio.com/forums/erp/articles.html;
http://members.aol.com/lpangl0473/enter.htm;

The Ties That Bolt and two other articles:
http://cio.com/archive/041599_erp_content.html;
http://www.peoplesoft.com/;
http://www.sap.com/products/industry/public/pub_over.htm (IRMC Critical
Information Systems Technologies Course). There are numerous ERP Web sites,
including: http://www.erpfans.com/; http://www.erpsupersite.com/;
http://www.erpassist.com/, etc.

You  can't  jump  70  percent  of  the  way  across  a  chasm  and  be  successful.  (H.  Edward 
Cypert,  TRW  president  for  operations,  before  the  Government  Reform  and  Oversight 
Committee,  May  25, 1995.) 

Enterprise Software Initiative (ESI)

An initiative (e.g., by the Department of Defense Chief Information Officer) to develop
an enterprise-oriented business process for software asset management utilizing
enterprise software agreements (ESAs). ESAs are contracts (often blanket purchase
agreements, BPAs) to acquire software assets for enterprise-wide use. This approach
increases interoperability within the enterprise, through the purchase of standardized
assets. Such assets can be software products or licenses. Enterprise purchases or licenses
can leverage organizational buying power as well as improve efficiency by consolidating
requirements so as to reduce total ownership costs (TOC or TCO). The presumption is
that by developing and implementing an enterprise-wide process for identifying,
acquiring, distributing, and managing IT, IT portfolio management can be instituted to
attain substantial cost savings while improving system usability and interoperability,
obtaining synergistic gains.

Equations  are  more  important  to  me.  Because  politics  is  in  the  present,  but  an  equation 
is  something  for  eternity.  (Albert  Einstein,  quoted  by  Stephen  Hawking,  The  Illustrated  A 
Brief  History  of  Time,  Bantam  Books,  New  York,  1996,  p.  235.) 

Enterprise  Solutions  (ES) 

A Navy initiative to institute enterprise-wide perspectives into the management of IT
programs, applications, and assets. The approach is to work within each functional
community (e.g., logistics, personnel, etc.) to consolidate redundancies while introducing
best of breed (lessons learned, software re-use, best practices) across each functional
community (led by a functional leader). Additionally, executive-level cross-functional
groups will apply similar principles across the functional areas. This approach will
dovetail into Navy/Marine Corps Intranet applications support and implementation. ES
is facilitated under the auspices of the Program Executive Office for Information
Technology (PEO-IT) and the Enterprise Acquisition Manager for Information
Technology (EAMIT). The intention is to involve stakeholders from operational, resource
and acquisition communities.

that nobody need wait a single moment before starting to improve

Ballantine, New York, 1993.)

Entity-Wide Security Program (EWSP)-see A-130, Federal Information Technology

Federal Managers Financial Integrity Act, and National
Institute for Standards and Technology

A framework for assessing risk, developing and implementing security procedures,
and monitoring the effectiveness of those procedures. It includes both policies and an
implementation plan and represents the foundation of an enterprise's control structure. It

commitment to security. An EWSP should periodically assess

document an EWSP plan, establish a security management structure and clearly
assign security responsibilities, implement effective security-related personnel policies
and monitor the security program's effectiveness (IRMC Developing Enterprise Security
Strategies, Guidelines, and Policies Course).

Equivalent-Forms  Reliability 

A technique for estimating instrument reliability in which scores are compared from
two different versions of the same instrument administered to the same group of subjects
at different times (IRMC Measuring Results of Organizational Performance Course).

He uses statistics as a drunken man uses lampposts— for support rather than for
illumination. (Andrew Lang, in 3,500 Good Quotes for Speakers, Gerald F. Lieberman, Ed.,
Doubleday, Garden City, NY, 1983, p. 228.)

Ethernet 

The  most  popular  form  of  local  area  network  (LAN)  connectivity.  It  was  invented  by 
Xerox Corp. and typically uses coaxial cable or other special grades of wiring that can
provide high-speed communication to users on a network. Formerly, asynchronous
transfer protocol (ATM) was touted as faster than Ethernet due to the latter's bandwidth
limitations; however, Ethernet has now vastly expanded its capacity. Ethernet is a
first-come, first-served system without innate priorities.

"block," but the old block itself. (Edmund Burke, 1727-97,

1781, from The Oxford Dictionary of Quotations, Oxford University

Press, New York, 1980, p. 110, No. 22.)
eTrust

A  program  that  promotes  sensitivity  to  Web  site  privacy.  Web  sites  can  apply  for  the 
eTrust program; if accepted they can display their membership that attests to their formal
acceptance  of  user  privacy  agreements  promoted  by  eTrust.  Many  sites  now  prominently 
display  their  privacy  statements. 

No one is useless in this world who lightens the burden of it to anyone else (Charles
Dickens,  quoted  by  Jacob  Braude  in  New  Treasury  of  Stories  for  Every  Speaking  and  Writing 
Occasion,  Prentice  Hall,  Inc.,  Englewood  Cliffs,  NJ,  June  1961,  p.  40.) 

European Union (EU) Basic Principles for Data Protection-see Council of Europe

Data  obtained  and  processed  fairly  and  lawfully;  stored  for  specified  and  legitimate 
purposes;  data  relevant,  not  excessive  to  purpose;  accurate  and  kept  up  to  date;  stored  for 
no  longer  than  required;  personal  data  on  racial  origin,  political  opinions,  religious  or 
other beliefs, health or sexual life may not be processed without appropriate safeguards,
appropriate data security measures required (IRMC Assuring the Information
Infrastructure Course). Directive 95/46/EC concerns the processing of personal data and
the free movement of such data. Directive 97/66/EC concerns protection of privacy in the
telecommunications sector (IRMC Developing Enterprise Security Strategies, Guidelines,
and Policies Course).

Mohandas Gandhi's devastating reply to an Englishman who asked his opinion of
Western civilization: "I would be all in favor of it." (Leo Rosten's Carnival of Wit, E. P. Dutton
& Co., New York, 1994, p. 93.)

The  billions  of  computing  devices  that  are  always  on  and  connected  (IRMC 
Developing Enterprise Security Strategies, Guidelines, and Policies Course). Such
innovations as DSL have added greatly to this field.

Our  national  flower  is  the  concrete  cloverleaf.  Lewis  Mumford  (quoted  by  Robert  Byrne 
in  The  637  Best  Things  Anybody  Ever  Said,  Atheneum,  NY,  1982,  #498.) 

Executive Information System (EIS)

An application that supports executives by providing graphical user interfaces to data.
They serve as "information portals" to various information sources for the intelligence to
run the enterprise (IRMC New World of the CIO Course).

Can  you  think  of  less  interesting  or  more  incompetent  managers  than  those  who  pride 
themselves on not engaging in nonsense? (Jerry B. Harvey, The Abilene Paradox and Other
Meditations  on  Management,  Lexington  Books,  Lexington,  MA,  1988,  p.  48.) 

Experimental Mortality

Some of the subjects being studied may drop out from the intervention during the
period of the study, especially if the intervention lasts a long time. It is therefore possible
that the change from premeasure to post-measure can be accounted for by the fact that the
group membership changed from pretest to post-test (IRMC Measuring Results of
Organizational Performance Course).

The symbol Rx, found in the upper left-hand corner of every prescription,
goes back 5,000 years. The Egyptians used the magic eye of Horus as an amulet to guard
them against disease and suffering. The eye has two tails hanging from the center, and
centuries later it appeared in a form resembling our numeral 4. Physicians scribbled it on

of  Jupiter.  By  slow  transformation,  the  numeral 

(Jacob Braude in New Treasury of Stories for Every Speaking and Writing Occasion,
Prentice Hall, Inc., Englewood Cliffs, NJ, June 1961, p. 264.)

Expertise  Locator— see  Knowledge  Map 

A directory with profiles of an organization's individuals, used to locate specific
expertise within the organization. Experts so located can help answer questions or be
requested to participate on specific projects. Knowledge workers routinely use such
directories to quickly find colleagues who specialize in, know, have dealt with, or are
interested in particular work and knowledge areas ("The smartest bird: With
development of Raven, Lotus shows it understands knowledge management is action,"
Knowledge Magazine, http://www.destinationcrm.com/articles/default.asp?ArticleID=1786&KeyWords=expertise++AND+locator,
CRM Magazine (Customer Relationship Management) [USA]).

f-p  wise  men.  (Cato,  in  3,500  Good  Quotes 

for  Speakers,  Gerald  F.  Lieberman,  Ed.,  Doubleday,  Garden  City,  NY,  1983,  p.  272.) 

Expert  System 

Expert  systems  are  an  implementation  of  artificial  intelligence.  Human  experts 
(mavens) input rules for solving a particular range of problems or processes to
accomplish certain ends. These rules are codified into a computer software algorithm or
program which users can utilize to guide future solutions to problems within the range of
the expert system. Since the time and cost of creating an expert system can be very
significant,  they  tend  to  be  narrowly  delimited  in  scope.  Such  factors  have  greatly 
^hdr  rpni*^^  application  of  expert  systems  despite  early  predictions  of  universal  use  and 

^es^tZTn  T  f  Telephoning  many  organizations  today 

results in an automated, aural, routing system in which a recording or computer asks the
caller a series of nested questions to, at long last, direct the caller to the proper
information or resource. While such a system is cheaper than hiring a cadre of people to
answer questions, it tends to be much slower and quite taxing to callers. This is a
typical difference between querying an expert system vice asking a maven for advice.
Computers are presently limited to providing information to people. People generally are
not so limited (depending on individual ability) and can provide knowledge directly to
the enquirer rather than force the enquirer to translate provided information into
knowledge. Nevertheless, a well-constructed expert system can provide real-time
decision support if properly used (cf. Case-based reasoning).

KM^liK^r^^'f  ^  most  mature  form  of  intelligent  decision  systems.  They  capture 

KM-like rules from experts. The military use them for force planning and logistics; the
Internal Revenue Service and the Environmental Protection Agency use them for
regulatory processes; and the medical community uses them for diagnosis and
prescriptions. There are thousands (estimated 30,000 in year 2000) currently fielded with
payoffs typically of 100:1 or more. One of their great advantages is that they are available
24-7. Merced County, CA, created the Merced Automated Global Information Collector
(MAGIC) to assist welfare workers.


Criteria                          Before MAGIC    With MAGIC
Customers/worker/month            180             300
Time for an answer for customer   3-5 weeks       2-3 days
Morale                            Abysmal         Soaring
Savings                           0 = base        $1 million/year

The State of Tennessee implemented TOMIS for its penal system sentencing. TOMIS
improved accuracy from 80 percent to 100 percent and saves 37,500 labor hours per
month. IRMC has a free downloadable expert system called EXSYS. Also see
http://www.multilogic.com and http://ai.iit.nrc.ca/subjects/Expert.html (IRMC Critical
Information Systems Technologies Course).

Trust  one  who  has  gone  through  it.  (Virgil,  quoted  in  The  Oxford  Dictionary  of 
Quotations,  Oxford  University  Press,  New  York,  1980,  p.  559,  No.  10.) 

Formal, documented knowledge identifiable in such items as policy documents or
operations and procedures manuals. Any codified document containing knowledge is
explicit. Its opposite is implicit or tacit knowledge. New hires from college, for instance,
have absorbed quantities of explicit knowledge through reading and document research.
However, they must be "socialized" by their new working organization to be able to
work effectively within it. This process entails their absorbing quantities of tacit
knowledge not written down, but agreed upon or observed by the other employees.
Reading an employee manual may be helpful, but it does not impart the required tacit or
implicit knowledge recognized, but not necessarily readily explicated by more seasoned
employees. Cf. The Social Construction of Reality: A Treatise in the Sociology of Knowledge by
Peter L. Berger and Thomas Luckmann. 1st Irvington ed. New York: Irvington Publishers,
1980, c1966. vii, 203 p.; 22 cm.

The  fact  that  an  opinion  has  been  widely  held  is  no  evidence  whatever  that  it  is  not 
utterly  absurd;  indeed,  in  view  of  the  silliness  of  the  majority  of  mankind,  a  widespread 
belief is more likely to be foolish than sensible. (Bertrand Russell)

Extended  Service  Set  (ESS) — see  IBSS  and  BSS 

A wireless LAN architecture that has a distribution system (DS) that connects multiple
access points (APs) that serve multiple basic service sets and individual workstations.

It's not too far, it just seems like it is. (Yogi Berra, The Yogi Book, Workman Publications,
New York, 1998, p. 100.)
Extensible Markup Language (XML)-see Networked Improvement Community and
Webification, http://www.w3.org/XML

Provides a standard way for programmers and other users to exchange information
about metadata (essentially, information about what a set of data consists of and how it is
organized). Specifically, XML is intended to help programmers using the unified
modeling language (UML) with different languages and development tools to exchange
their data models with each other. In addition, XML can also be used to exchange
information about data warehouses. Effectively, the XML format standardizes how any
set of metadata is described and requires users across many industries and operating
environments to see data the same way. XML statements define data content, whereas the
hypertext markup language (HTML) lines deal with fonts and boldface. XML defines
"what it is," and HTML defines "how it looks" (Glossary of IM/IT & KM Terms).

statements  with  descriptive  or  definitive  tags 
added thereto which describe the content in terms of what data is being described. XML

n  ^  information  formats  and  share  format  and  data  via  the 

to  T  or  displayed  then  processed  (similar 

HTML). They can be exported to other applications and even dialed. It creates
self-describing data (similar to FORTRAN format statements) that essentially embeds
metadata into the dataset (IRMC Data Management Strategies and Technologies Course).
n  u  ^  starting  point  for  many  of  the  Internet-  and  voice-based  technologies  that 
can be used to improve access to government goods and services, and therefore can

0  barriers  to  receipt  of  government  information  associated  with  digital 
disparities. XML itself is a promising notation system for representing the underlying
structure and meaning of electronic information, whether it be data, text, or sound. This
system and its variants (e.g., voice XML and wireless markup language) play an
important role in providing goods and services directly to the public through
telephone-based services with speech recognition or text-based materials on the Internet. XML
functions by employing markers, or tags, that accompany the electronic data in
agreed-upon ways. These tags, and the structures that govern them, mean that XML can simplify
and unify the sources of data to reduce the burden of managing multiple sources of data.
These same characteristics allow information to be reused, databases to be consolidated,
and databases to be accessed, resulting in lower maintenance and usage costs.
Data that is managed once can then be accessed through multiple channels, whether it is
shared directly with the public by the federal government or is shared with a state or local
government that then publishes the information. Many industries and scientific disciplines

j  exchange  information  across  platforms  and  applications. 

^u^  separates  data  from  presentation,  XML  users  can  extract  only  the  data 

m  V’"'’  m  for  massive  manuals,  project  schedules,  etc.,  on 

muMn'^  ^  oveTOhelmingly  complex  if  the  specific  information  needed 

couldn't be extracted quickly and easily.

Federal agencies that want to take full advantage of XML and its data reuse and
re-purposing capabilities must first establish a "vocabulary" for the information to be

Leml'tio"*^  f’®"  vocabulary  in  an  approved  manner.  Several  national  and 

international organizations have evolved to facilitate the efficient use of XML data. These
organizations and the standards that have been established ensure that the information
managed in an XML format bears the increasingly important characteristics and attributes
of a well-formed record: reliability, authenticity, integrity, and usability. Utah's new
Traveler Advisory Telephone and Internet System illustrates the potential of XML. Other
states are also using XML. The Michigan state legislature converted its compiled law to
XML, which makes it easier to offer the documents online in multiple formats (HTML and
portable document formats). This action not only helped state agencies to improve the
production and management of their legislative process, but also enables the public to
access documents without the need for a legal researcher. At some point, the public will
be able to see the relationship between legislative actions and results of those actions
expressed in government records. Visitors can draw from different sources to build their
own customized output documents. More than 6,000 people use the system every day,
with more than 43 million hits since the system was launched two years ago.

The National Archives and Records Administration and the Government Printing
Office (GPO) are moving from standard generalized markup language to XML. XML
offers more tools and Web renderings. XML enables applications to:

1) mediate between two disparate databases;

2) present different views of the same data to different users; and

3) support intelligent agents that tailor information discovery processes to the needs of
individual users.

Agencies that submit documents to GPO receive a 35 percent discount for delivering
text that has already been marked up in XML. XML supports the philosophy that data
"belongs" to its creators, and distribution channels are best served by a data format that
does not bind the content to a particular vendor's tools or platform. (Susan Turnbull, The
Federal Architecture and Infrastructure Committee of the Federal CIO Council's guide,
Extending Digital Dividends: Public Goods and Services that Work for All, the Federal
CIO Council Knowledge Management Working Group CD distributed by the DON CIO,
202-501-6214 or susan.turnbull@gsa.gov). For information on the draft DON XML
Developers' Guide, contact Brian Hopkins (editor) at: xosys@sbcglobal.net and see
http://www.xfront.com/ for a tutorial.


Clearly bounded general responsibilities paradoxically release initiative and creativity
because the boundaries are clear. Unclear boundaries and lack of adequate limits always
stifle initiative because people do not know how far they can push new ideas. (Elliott Jaques
and Stephen D. Clement, Executive Leadership, Cason Hall & Co., Arlington, VA, 1991, p.
180.)


Extension

In DOS and some other operating systems, one or several letters at the end of a
filename. Filename extensions usually follow a period (dot) and indicate the type of
information stored in the file. For example, in the filename EDIT.COM, the extension is
COM, which indicates that the file is a command file. (Depending on the operating
system, the punctuation separating the extension from the rest of the filename may or
may not be considered part of the extension itself.) An extra feature added to a standard
programming language or system, or a plug-in (from Webopedia,
http://www.webopedia.com/TERM/e/extension.html).


future by the past. (Edmund Burke, 1727-97, in Letter to a
Member of the National Assembly, 1791, from The Oxford Dictionary of Quotations, Oxford
University Press, New York, 1980, p. 111, No. 31.)

External  Services  Providers  (ESPs) 

Outsourced organizations that provide computer services to other organizations (e.g.,
the government). While many do load-shifting at scattered sites on a regular basis, they
may not be up to handling the increased load under a disaster recovery or contingency of
operations scenario. Data center outsourcing contracts should fully specify such
requirements.  See  Guttmann-Stark  and  Bace,  "Managing  Security  Risk  with  External 

October 28, 1997)

(IRMC Assuring the Information Infrastructure Course.)

Problems  which  are  not  tackled  directly  are  expressed  indirectly  and  cause  even  more 

SrM952  p  Sr" 


Extranet 

^  ^rea  network  (WAN)  running  on  public  protocols.  The  goal  of  most 

extranets is to foster collaboration and information sharing between two or more
organizations. Extranets make it possible for organizations to invite selected guests to

tr,  ^  bowser  rather  than  propriefaw tLre 

Selected guests might include customers, corporate colleagues working around the
globe, or other organizations (Glossary of IM/IT & KM Terms).


The effectiveness of a communications system depends on the quality of the
relationships between the people involved. (Elliott Jaques, The Changing Culture of a Factory,
Dryden Press, New York, 1952, p. 301.)
Face Validity

A form of content-oriented validity in which consensus is obtained among a group of
subject matter experts (SMEs) that the instrument completely and comprehensively
covers the factor that it intends to measure (IRMC Measuring Results of Organizational
Performance Course). It is obtained in the KM technique of verification. The Delphi
technique was developed to eradicate some of the problems with face validity for certain
types of problems. Face validity refers to how things look on their face. A consensus
can be wrong. The consensus said the sun went around the earth, that heavier objects fell
faster than light ones, that the earth was flat, etc. These are samples of face validity. Kuhn
addresses paradigms (reflections of the prevailing consensus) in his classic The Structure of
Scientific Revolutions. Science depends primarily upon the epistemologies of empiricism
(observation and measurement) and rationalism (conjecture, hypotheses, theories, and
laws). Antithetically, face validity depends more upon authority or tradition
epistemologies. While each epistemology has its own advantages and disadvantages, in a
scientific analysis, face validity does not yield a high confidence level. It took the
measuring of the curvature of light (when the instruments to do so became available
sometime after Einstein's death) for some scientists to admit that his paradigm was better
than its predecessor. But eventually, their face validity had to give way to empirical proof.

A lady in a faded gingham dress and her husband, dressed in a homespun threadbare
suit, stepped off the train in Boston and walked timidly, without an appointment, into the
Harvard University president's outer office. The secretary could tell in a moment that such
backwoods country hicks had no business at Harvard and probably didn't even deserve to
be in Cambridge. She frowned. "We want to see the president," the man said softly. "He'll
be busy all day," the secretary snapped. "We'll wait," the lady replied. For hours, the
secretary ignored them, hoping that the couple would finally become discouraged and go
away. They didn't. The secretary grew frustrated and finally decided to disturb the
president, even though it was a chore she always regretted. "Maybe if they just see you for a
few minutes, they'll leave," she told him. He sighed in exasperation and nodded. Someone
of his importance obviously didn't have the time to spend with them, but he detested
gingham dresses and homespun suits cluttering up his outer office.

The president, stern-faced, strode toward the couple. The lady told him, "We had a son
who attended Harvard for one year. He loved Harvard. He was happy here. But about a
year ago, he was accidentally killed. And my husband and I would like to erect a memorial
to him, somewhere on campus."

The president wasn't touched; he was shocked. "Madam," he said gruffly. "We can't
put up a statue for every person who attended Harvard and died. If we did, this place
would look like a cemetery." "Oh, no," the lady explained quickly. "We don't want to erect
a statue. We thought we would like to give a building to Harvard." The president rolled his
eyes. He glanced at the gingham dress and homespun suit, then exclaimed, "A building. Do
you have any earthly idea how much a building costs? We have over seven and a half
million dollars in the physical plant at Harvard."

For a moment the lady was silent. The president was pleased. He could get rid of them
now. And the lady turned to her husband and said quietly, "Is that all it costs to start a
university? Why don't we just start our own?" Her husband nodded. The president's face
wilted in confusion and bewilderment. And Mr. and Mrs. Leland Stanford walked away,
traveling to Palo Alto, CA, where they established the university that bears their name, a
memorial to a son that Harvard no longer cared about. "You can easily judge the character
of others by how they treat those who can do nothing for them or to them" (an Urban
Legend falsely attributed to Malcolm Forbes (founder of Forbes magazine) [received by
author  via  Internet  e-mail],  see:  http: /  / w ww. ha rva rd .cdu  /help / fra mos  / Hgl  Q  hir^ I 
However, according to http://urbanlegends.about.com/gi/dynamic/offsite.htm?site=http%3A%2F%2Fwww.snopes2.com%2Fglurge%2Fstanford.htm:

The "rudely-spurned university endowment" theme of the Stanford story has played
out at least once in real life. In July 1998, William Lindsay of Las Vegas contacted an
unnamed Scottish institution of higher learning by telephone, saying he was minded to give
some money to a university in Scotland. Taking him for a crank, he was rudely dismissed
by the person he spoke to. His next call to Glasgow University met with a warmer
reception, and in March 2000 that school received a check for £1.2 million, enough to endow
a professorship in Lindsay's name.

Failover 

A  backup  operation  that  automatically  switches  to  a  standby  database,  server,  or 
network  if  the  primary  system  fails  or  is  temporarily  shut  down  for  servicing.  Failover  is  a 
fault  tolerance  function  of  mission-critical  systems  that  rely  on  constant  reliability. 

Failover automatically and transparently to the user redirects requests from the failed or
down system to the backup system that mimics the operations of the primary system. A
failover site refers to the specific database, server, or network that serves this
mission-critical redundancy function (Encarta Encyclopedia Online, Microsoft, Inc.,
http://encarta.msn.com (USA)).

Success the mark no mortal wit,
Or surest hand, can always hit:
For whatsoe'er we perpetrate,
We do not row, we're steer'd by fate.

(Samuel Butler, in 3,500 Good Quotes for Speakers, Gerald F. Lieberman, Ed., Doubleday,
Garden City, NY, 1983, p. 233.)

Federal  Acquisition  Reform  Act  (FARA)  of  1996— see  Clinger-Cohen  Act  (CCA) 

FARA  was  combined  with  the  Information  Technology  Management  Reform  Act  to 
create  the  CCA. 

Excessive increase of anything causes a reaction in the opposite direction. (Plato, in
3,500 Good Quotes for Speakers, Gerald F. Lieberman, Ed., Doubleday, Garden City, NY, 1983,
p. 207.)

Federal  Acquisition  Streamlining  Act  (FASA)  of  1994— see  Change  Management 

FASA legislated the preference for acquisition of commercial items. Commercial items
are any items of a type customarily used for nongovernmental purposes that are: offered
to the general public, evolved from a commercial item but not yet available, would satisfy
commercial item definition with modifications customarily available, or are services
supporting commercial items. This broad definition covers a vast number of items. It was
anticipated that commercial items would be cheaper, better, and faster to acquire. In the
IT world of rapid change, they also tend to be more current or state-of-the-art. Second,
FASA also created micro-purchases of under $2,500 that could be made by employees
using IMPAC (International Merchant Purchasing Authorization Card = government
credit cards) without competition. This was a step from "equity" towards efficiency.
Effective October 1, 1997, the Under Secretary of Defense (Acquisition and Technology)
forbade federal contracting officers from issuing contracts or purchase orders for
micro-purchases unless the vendor would not accept the IMPAC. The Fiscal Year 1998 DoD
Authorization Act required that by October 1, 1999, 90 percent of all DoD purchases
under $2,500 would be accomplished using the IMPAC. This represents 50 percent of all
DoD procurement! Thus, individual employees, without warrants, would be empowered
to commit DoD for half of its purchases. This would save PCOs much of their time.
Unfortunately, users are not necessarily well trained and organizations, being risk averse,
frequently limit or control use of IMPAC so as to eliminate its inherent time and effort
advantages. They ignore history's lesson. Third, FASA mandated that agencies collect
past performance information (PPI), effective February 1, 1998, in order to later evaluate
contractor performance for future competitive contracts. The kinds of information
collected were tailored to the appropriate domain and uniform definitions of assessment
elements were created. Use of PPI was mandatory for future contract awards. Finally,
FASA reduced restrictions on the use of federal supply schedules (IRMC New World of
the CIO Course).


Federal Acquisition Regulations (FAR); http://farsite.hill.af.mil/.

'Tis a gift to be simple
'Tis a gift to be free
'Tis a gift to come down
Where you ought to be
And when we find ourselves
In the place just right
We'll be in the valley
Of love and delight.

Shaker Hymn quoted by Adam Smith in Powers of Mind, Ballantine Books, NY, 1975, p.
395.

Federal  Activities  Inventory  Reform  Act  (FAIR)  of  1998 

Public Law (P. L.) 105-270 supports outsourcing and OMB Circular A-76. It requires
submission  of  lists  of  noninherently  governmental  functions,  ensures  all  costs  are 
considered  in  A-76  competitions,  and  permits  any  interested  party  to  challenge  the  lists  of 
functions.  It  should  lead  to  a  dramatic  increase  in  A-76  competitions. 

In  ancient  times,  a  king  had  a  boulder  placed  on  a  roadway.  Then  he  hid  himself  and 
watched to see if anyone would remove the huge rock. Some of the king's wealthiest
merchants  and  courtiers  came  by  and  simply  walked  around  it.  Many  loudly  blamed  the 
king  for  not  keeping  the  roads  clear,  but  none  did  anything  about  getting  the  stone  out  of 
the  way.  Then  a  peasant  came  along  carrying  a  load  of  vegetables.  Upon  approaching  the 
boulder,  the  peasant  laid  down  his  burden  and  tried  to  move  the  stone  to  the  side  of  the 
road.  After  much  pushing  and  straining,  he  finally  succeeded.  After  the  peasant  picked  up 
his load of vegetables, he noticed a purse lying in the road where the boulder had been. The
purse  contained  many  gold  coins  and  a  note  from  the  king  indicating  that  the  gold  was  for 
the  person  who  removed  the  boulder  from  the  roadway.  The  peasant  learned  what  many  of 
us  never  understand.  Every  obstacle  presents  an  opportunity  to  improve  our  condition. 
(Internet  e-mail  story.) 


Federally  Funded  Research  and  Development  Center  (FFRDC) 

Organizations  funded  by  the  federal  government  to  perform  specified  types  of 
research  and  development.  These  include  Carnegie-Mellon  University's  Software 
Engineering  Institute  (SEI),  the  Mitre  Corporation,  and  the  Aerospace  Corporation. 


An expert is one who knows more and more about less and less. (Nicholas Murray
Butler, in 3,500 Good Quotes for Speakers, Gerald F. Lieberman, Ed., Doubleday, Garden City,
NY, 1983, p. 224.)


Federal  Information  Technology  Security  Assessment  Manual  (FISCAM)— see  National 
Institute  of  Standards  and  Technology  (NIST) 

An auditors' manual for evaluating internal controls over the confidentiality, integrity,
and availability of data maintained in computer-based information systems. Twenty-three
chief financial officer agencies now use FISCAM as a basis for controls work. See NIST
Special Publication 800-XX of 3/9/01, a Self-Assessment Guide for IT Systems that provides
a method to assess IT security programs and establish targets for improvement utilizing
an extensive questionnaire with specific control objectives (301-975-3293,
marianne.swanson@nist.gov). It maps to GAO's FISCAM control activities. See also NIST
Special Publication (SP) 800-18, Guide for Developing Security Plans for IT Systems,
http://csrc.nist.gov (IRMC Developing Enterprise Security Strategies, Guidelines, and
Policies Course).


9. Not having all the information you need is never a satisfactory excuse for not starting
the analysis. (David Akin, professor, University of Maryland, "Akin's Laws of Spacecraft
Design" [received via Internet e-mail] and confirmed by Dr. Akin, dakin@umd.edu or
DAKIN@SSL.UMD.EDU. See http://spacecraft.ssl.umd.edu/academics/akins_laws.html.)

Federal Managers Financial Integrity Act (FMFIA), P. L. 97-255 of 1982— see Entity-Wide
Security Program, Federal Information Technology Security Assessment Manual

Requires each agency to establish internal accounting and administrative controls and
agency heads to prepare an annual statement indicating that the agency's systems of
internal accounting and administrative control are or are not in compliance. Although
performance measures are not specifically required, a meaningful set of performance
measures linked to risks can help satisfy the reporting requirements of the act (Defense
Information Systems Agency Performance Planning Guidance for Fiscal Year 1998, p. G-3)
(IRMC Measuring Results of Organizational Performance Course). FMFIA requires
agencies to conduct risk assessments to identify and prioritize their vulnerabilities to
waste, fraud, and abuse and (as directed by OMB Circular A-123) to assess internal
controls annually. OMB Circular A-130 requires that agencies consider risk when
determining the need for and selecting computer-related control techniques (IRMC
Developing Enterprise Security Strategies, Guidelines, and Policies Course).

Joint Services Conference On Professional Ethics (JSCOPE) article:
http://www.usafa.af.mil/jscope/JSCOPE99/Pollock99.html

JSCOPE 99: http://www.usafa.af.mil/jscope/#INF099

Financial Disclosure forms 450 and 278:
http://www.usda.gov/ethics/forms/index.htm.

Blessed are the young, for they shall inherit the national debt. (Herbert Hoover, in 3,500
Good Quotes for Speakers, Gerald F. Lieberman, Ed., Doubleday, Garden City, NY, 1983, p. 68.)

Federal  Supply  Schedules  (FSSs) 

Contracts  awarded  by  the  General  Services  Administration  (GSA)  for  government- 
wide  use  (similar  to  government-wide  acquisition  contracts).  They  include  virtually  all  IT 
support  requirements  (systems  engineering  and  technical  assistance-type  contracts)  and 
much  more.  FSSs  have  competitive  prices,  are  precompeted,  and  are  very  easy  for 
agencies  to  use.  The  Federal  Acquisition  Streamlining  Act  greatly  reduced  restrictions  on 
using  them,  and  they  have  become  one  of  the  primary  sources  for  IT  acquisitions.  On 
March 6, 1997, Eleanor Spector, the director of defense procurement, publicly urged the
use of GSA's FSS contracts. When using these contracts, no request for proposal (RFP) is
needed. Federal acquisition regulations do recommend competing at least two FSS
bidders for other than micro purchases. But users need not (per FAR 8.4) document the
fairness and reasonableness of the price, consider small business set-asides, seek further
competition, or synopsize the requirement (in the Commerce Business Daily) (IRMC New
World of the CIO Course).

General Services Administration: http://pub.fss.gsa.gov

Commerce Business Daily: http://www.govcon.com/

A man travels the world over in search of what he needs and returns home to find it.
(George Moore, in 3,500 Good Quotes for Speakers, Gerald F. Lieberman, Ed., Doubleday,
Garden City, NY, 1983, p. 249.)

Feedback  (Cause  and  Effect,  C&E  Chain) 

The  way  the  customers  or  users  view  the  organization's  products  or  services  as 
evidenced  by  the  demand  they  make  for  its  output  and  the  satisfaction  they  display 
(IRMC  Measuring  Results  of  Organizational  Performance  Course).  Generically,  feedback 
is  the  information  or  loop  connecting  the  output  of  a  process  with  its  input  so  as  to 
regulate  the  process— as  in  cybernetics.  Feedback  is  an  integral  portion  of  systems 
engineering.  In  electronics,  feedback  loops  are  built  into  processes  to  control  them.  They 
can alleviate unpredicted conditions that could "blow up" the process. For instance, in
software, a variable could inadvertently fall to zero. If that variable were used as a divisor
in an equation, the resulting number would be infinite—blowing up the process.
Feedback is used to improve processes such as W. Edwards Deming's total quality
management (TQM) for continuous process improvement. It is also used to compare
before (as-is) with after (to-be) conditions. Feedback is one of the primary features of
metrics— it allows the owners of a process to evaluate and improve the process. In Japan,
manufacturers use the "five whys" technique in which a problem is analyzed in order to
"fix" it. But this is insufficient to obtain a "cause." Therefore, the "cause" of the problem is
then analyzed to find its "cause." The question "why" is asked five times to obtain a
causal chain. Once these factors are "fixed" the problem is considered "solved." In
actuality, a causal chain can be of infinite length. But human processes are not infinite, so
five has been determined to be sufficient.

Kindness is a hard thing to give away. It usually comes back to you. (Jacob Braude, New
Treasury of Stories for Every Speaking and Writing Occasion, Prentice Hall, Inc., Englewood
Cliffs, NJ, June 1961, p. 202.)

Firewall— see Gateways; http://www.firewall.com and http://www.4firewalls.com

A  system  designed  to  electronically  protect  a  network  from  attack  and  misuse. 
Firewalls help to prevent unauthorized access including personnel and information. They
can  be  out-of-the-box  software  packages  hosted  on  servers  or  other  devices.  They  must, 
however,  be  configured  by  the  LAN  administrator  to  satisfy  the  needs  of  the  enterprise. 
Improperly  configured  firewalls  can  permit  usage  that  can  create  system  vulnerabilities. 
However,  generally,  the  more  restrictive  the  administrator  makes  the  settings  (more 
secure  and  less  vulnerable),  the  longer  the  response  times  (delays  for  users).  Firewalls  are 
almost universally used by enterprises that connect to the Internet or external users. They
are also recommended for individual users who have special connectivity into their systems
(e.g., DSL).

All  messages  entering  or  leaving  the  network  should  pass  through  the  firewall,  which 
examines  each  message  and  blocks  those  that  do  not  meet  the  specified  security  criteria. 
Enterprise  system  audits  are  recommended  since  individual  users  sometimes  hook  up 
direct  outside  connections  to  their  computers,  totally  defeating  the  firewall  and  enterprise 
security  policies,  making  the  entire  network  vulnerable  to  attack.  Firewalls  come  in 
several  types  of  varying  complexity,  cost,  and  effectiveness.  The  choice  of  firewalls  should 
be  tailored  to  the  needs  of  the  enterprise.  In  addition,  high  value  units  or  sub-networks 
may  also  be  protected  by  additional  firewalls.  For  increased  protection,  these  internal  (or 
enclave)  firewalls  should  differ  in  type  and  manufacturer  from  the  external  firewall. 
Firewalls  can  be  used  to  enforce  an  organization's  security  policies  and  can  efficiently  log 
Internet  activity.  It  should  be  noted  that  firewalls  cannot  protect  against  insider  attacks  or 
completely  new  threats.  Coverage  varies  considerably,  depending  upon  the  type  of 
firewall employed. See packet filtering and proxy server. @guard commercial personal
firewall: http://www.atguard.com; ConSeal PC Firewall: http://www.signal9.com

Firewalls can block unwanted traffic, direct incoming traffic to more trustworthy
internal systems, hide vulnerable systems that cannot easily be secured from the Internet,
log traffic to and from a private network, hide information (e.g., system names,
network topology, network device types, and internal user IDs) from the Internet, and
provide more robust authentication than standard applications might be able to do.

Firewall settings are a tradeoff between user transparency and network protection. Types
include: packet filtering, application, and hybrid or complex (IRMC Developing Enterprise
Security Strategies, Guidelines, and Policies Course).

Cynicism is an unpleasant way of telling the truth. (The Little Foxes, a film, 1978.)

First  Virtual  (FV) 

A  method  of  electronic  commerce  in  which  a  customer  selects  an  item  on  the  Internet 
and  gives  his  or  her  FV  number  to  the  merchant;  the  merchant  e-mails  (or  telnets)  the 
request  to  FV;  FV  e-mails  the  customer  to  confirm  the  order;  customer  confirms  (or  not)  to 
FV;  if  purchase  is  confirmed,  FV  bills  to  the  customer's  credit  card. 

[In  answer  to  the  question,  "What  would  you  do  if  you  found  a  million  dollars?"]  I'd 
see if I could find the guy that lost it, and if he was poor, I'd give it back. (Yogi Berra, The
Yogi  Book,  Workman  Publications,  New  York,  1998,  p.  59.) 

Flow  and  High  Performing  Systems  (HPS) 

1)  The  continuous  movement  of  knowledge,  information,  and  data  between  and 
among  nodes  (people)  in  a  network  to  (hopefully)  enable  effective  achievement  of 
organizational  goals.  In  actuality,  organizations  generally  have  systems  of  both  formal 
and  informal  information  flow.  The  rumor  mill  is  often  faster  than  formal  channels,  but  it 
rarely  provides  the  context  necessary  to  understand  the  content  of  the  information  (i.e.,  it 
primarily  consists  of  information,  not  knowledge). 

2)  The  psychological  state  achieved  by  an  individual  (or  high-performing  system)  in 
which  activities  are  naturally  and  spontaneously  carried  out  seemingly  without  effort  or 
conscious  deliberation  but  with  very  high  success  and  satisfaction  for  participants;  the 
state  of  being  "in  the  groove"  or  "in  the  zone."  Individual  aspects  of  flow  have  been 
explored  by  Csikszentmihalyi;  high-performing  systems  have  been  explored  by  Peter 
Vaill  of  The  George  Washington  University.  Per  Edward  Edinger,  Jungian  psychology 
would  identify  the  state  of  flow  with  an  athmement  along  the  ego-self  axis. 

It  seems  certain  that  there  is  an  "optimal"  level  of  activation  for  a  given  task  to  be 
performed  by  a  given  individual  at  a  given  time.  It  would  appear  also  that  for  most 
individuals  and  for  most  tasks  that  optimal  level  is  a  moderate  degree  of  activation,  high 
enough  to  assure  reasonable  speed  and  alertness,  and  low  enough  not  to  present  a  hazard  to 
the  organization  of  responses.  Therefore  it  would  be  expected  that  studies  in  which  the 
degree  of  activation  was  the  independent  variable  and  the  quality  of  performance  was  the 
dependent  variable  would  yield  results  which,  when  plotted,  would  form  an  inverted  U- 
shaped curve. (Mary-Louise von Franz, Individuation in Fairytales, Spring Publications,
Dallas, TX, 1982, pp. 193-194.)

Peter  Vaill  is  a  student  of  "high-performing  systems"  . . .  Such  systems  behave, 
according  to  Vaill,  as  self-fulfilling  prophecies  ...  "a  private  language  and  set  of  symbols  . . . 
they  act  in  a  new  way  . . .  Peak  experiences  . . .  lead  members  to  enthuse,  bubble,  and 
communicate  joy  and  exultation  ...  A  Hall  of  fame  phenomenon  arises  ...  an  air  of 
invincibility  leads  to  the  same  reality.  (Thomas  J.  Peters  and  Robert  H.  Waterman,  Jr.,  In 
Search of Excellence, Warner Books, New York, 1982, p. 264.)

Foreign Intelligence Surveillance Act (FISA) of 1978, October 25, 1978, P. L. 95-511, 50
U.S.C. §1801 et seq.

Used  to  obtain  electronic  surveillance  and  physical  searches  without  warrants,  but 
under  court  order,  in  cases  of  foreign  intelligence,  international  terrorism,  or  sabotage 
activities  by  a  foreign  power  or  its  agents.  It  requires  a  lower  level  of  probable  cause  than 
Title III warrants against U.S. persons. It is also applicable under the Uniform Code of
Military Justice and has survived numerous court challenges. The Secretary and the Deputy
Secretary  of  Defense  certify  to  the  Attorney  General  that  the  application  to  the  Foreign 
Intelligence  Surveillance  Court  conforms  to  this  act;  this  applies  to  electronic  surveillance 
as  well  as  physical  searches  (IRMC  Assuring  the  Information  Infrastructure  Course). 

If  you  pity  rogues  you  are  no  great  friend  to  honest  men.  (Thomas  Fuller,  in  3,500  Good 
Quotes for Speakers, Gerald F. Lieberman, Ed., Doubleday, Garden City, NY, 1983, p. 179.)

Four A's or 4 A's (Adaptability, Accountability, Alignment, and Awareness)

The four A's create a framework for judging the success of performance-based
management and for information management strategic planning. Expenditures should
add value to at least one of the 4 A's in order for it to be justified (IRMC New World of
the CIO Course). The four A's are designed to provide visibility and value to taxpayers:

Accountability: Visibility that an agency intends to provide and can demonstrate
value for money.

One man with courage constitutes a majority. (General Colin Powell, USA.)

Alignment: Visibility that all agency components are working together to achieve the
mission.

Failure does not exist. Failure is simply someone else's opinion of how a certain act
should have been completed. (Wayne W. Dyer, Your Erroneous Zones, Avon Books, 1976,
New York, p. 133.)

Adaptability: Visibility that an agency can be responsive in a changing world.

There is nothing so easy but that it becomes difficult when you do it reluctantly.
(Terence Publius Terentius Afer, c.190-159 B.C., 1.805 from Familiar Quotations by John
Bartlett, Little, Brown & Co., Boston, 1968, p. 108.)

Awareness: Visibility that an agency is aware of its environment (also described in
IRMC Leadership for the 21st Century Course).

The  Fates  lead  him  who  will;  him  who  won't,  they  drag.  (Seneca,  quoted  by  Joseph 
Campbell,  Myths  to  Live  By,  Bantam  Books,  New  York,  1972,  p.  125.) 

Frame  of  Reference — see  Framing 

A  type  of  rater  error  in  which  the  rater  rates  a  subject  higher  or  lower  than  the  actual 
performance  indicated,  because  of  the  rater's  personal  bias  or  standards  which  aren't 
shared by the other raters (IRMC Measuring Results of Organizational Performance
Course). More generically, a frame of reference is the paradigm of assumptions,
conclusions, and world-view held by a particular person at a particular time. The person
relates various happenings to this set in evaluating them. The frame of reference can differ
under varying environmental conditions and subject roles. Discriminatory biases can be a
part of an individual's frame of reference.

We  will  teach  you.  For  when  we  show  you  our  ignorance,  then  you  will  see  where  we 
most  need  your  wisdom.  (Orson  Scott  Card,  Children  of  the  Mind,  Tom  Doherty  Books,  New 
York,  1996,  p.  85.) 

Framing — see  Frame  of  Reference  and  Selective  Perception 

Framing is creating a contextual environment for a question, problem, or situation.
Thus, if the present frame is not understood, one reframes the question. Framing is a basis
for human communications and understanding and is essential for knowledge transfers.

A frame has implicit or tacit features as well as communicated or explicit ones and the
former can be impediments if not shared between the sender and receiver (participants).
Thus, it is helpful if participants consider the unspoken assumptions, suppositions,
interpretations, etc., inherent in their connotations of a frame of understanding. For
example, words may have several meanings that might be applied to a particular
situation. One person might, for instance, be referring to information flow while another
is referring to the Csikszentmihalyi state of being in flow, causing miscommunication,
misunderstanding, and (sometimes) a declining relationship. Normally, identifying a
domain is a part of framing a problem or situation as is identifying a method or approach
(e.g., clustering versus clumping). It has been said that identifying (framing) the problem
is half the solution. Framing includes boundaries, reference points, yardsticks, and
metaphors. A frame gives only a partial view and can eliminate important factors; it
establishes the scope or field of view. A winning frame maximizes reality and minimizes
complexity. It captures the essence of a situation (see RPD) and is robust. Alfred North
Whitehead said, "Seek simplicity, then distrust it" (quoted by J. Edward Russo and Paul J.
H. Schoemaker in Decision Traps, 1990). Alignment is matching one's frame to the frames
of people he or she wants to influence (IRMC Leadership for the 21st Century Course).

People are virtually incapable of understanding and accepting any point of view other
than their own. (C. G. Jung, Psychological Types, CW6, Princeton University Press, Princeton,
NJ, 1971, p. 489.)

Freedom  from  Government  Competition  Act  (FGCA) 

Proposed  act  that  failed  to  pass  in  1996  and  1997.  Would  require  government 
outsourcing  of  all  noncore  functions.  Other  similar  proposed  acts  that  failed  to  pass 
include:  the  Competition  in  Commercial  Activities  Act  (H.R.  716)  and  Federal  Activities 
Inventory  Reform  Act  (S.  314)  (IRMC  Advanced  Software  Acquisition  Management 
Course). 


Nobody's  rational ...  we  all  act  because  we're  sure  of  what  we  want,  and  we  believe 
that  the  actions  we  perform  will  get  us  what  we  want,  but  we  never  know  anything  for  sure, 
and  so  all  our  rationales  are  invented  to  justify  what  we  were  going  to  do  anyway  before  we 
thought  of  any  reasons.  (Orson  Scott  Card,  Children  of  the  Mind,  Tom  Doherty  Books,  New 
York, 1996, p. 113.)

Freedom Of Information Act (FOIA) of 1966

5 U.S.C. 552 assumes executive branch information is accessible to the public and sets
standards for releasing such information (IRMC New World of the CIO Course). See
e-FOIA: http://www.nist.gov/admin/foia/foia.htm.


"Mantle"  means  a  philosophy  that  comes  from  vision  or  inspiration  or  intuition  rather 
than  from  scholarship  or  reason.  (Orson  Scott  Card,  Children  of  the  Mind,  Tom  Doherty 
Books,  New  York,  1996,  p.  82.) 

Freeware 

A  program  that  is  available  to  users  at  no  cost.  Such  no-cost  software  may  be 
considered  as  part  of  the  public  domain — available  for  anyone's  use.  Users  must  be 
sensitive  to  whether  the  software  is  actually  free  for  public  use  rather  than  shareware  or 
pirated  copyrighted  material.  In  addition  to  legal  risks,  such  software  has  inherent 
technical  and  security  risks.  While  it  should  certainly  be  checked  with  antivirus  software, 
doing  so  does  not  ensure  that  the  freeware  does  not  contain  hidden  malware  such  as  logic 
bombs  or  Trojan  horses. 

You  have  not  lived  a  perfect  day,  even  though  you  have  earned  your  money,  unless 
you have done something for someone who will never be able to repay you. (Jacob Braude,
New Treasury of Stories for Every Speaking and Writing Occasion, Prentice Hall, Inc.,
Englewood Cliffs, NJ, June 1961, p. 362.)

Frequency 

The  reciprocal  of  the  period  of  a  signal.  The  number  of  cycles  a  particular  signal 
completes  in  one  second.  It  was  formerly  measured  in  cycles  per  second  (cps),  but  is  now 
measured  equivalently  in  Hertz  (Hz).  One  Hertz  =  one  cycle  per  second.  See  period, 
bandwidth,  and  wavelength.  Wireless  IT  applications  utilize  a  portion  of  the  industry, 
science,  and  medicine  (ISM)  band,  allocated  by  the  Federal  Communications  Commission 
(FCC). The portion so used is 2.4 to 2.4835 GHz (an 83.5-MHz band). Thus, the maximum
bandwidth for such applications is 83.5 MHz or .0835 GHz. (MHz = megahertz = 1 million
cps; GHz = gigahertz = 1 billion cps.) In the United States, alternating current (AC) power
(most  wall  sockets)  provides  a  60-Hz  current.  The  higher  the  frequency,  the  more  energy 
in  the  signal,  but  the  shorter  the  propagation  distance. 


The  most  beautiful  concepts,  for  being  repeated  too  frequently  and  too  smugly,  lose 
their  meaning,  their  vigor,  their  weight  of  silence.  (Mendel  of  Kotzk,  paraphrased  by  Elie 
Wiesel  in  Souls  on  Fire,  Summit  Books,  New  York,  1972,  p.  237.) 

Frequency-Division  Multiplexing  (FDM) 

A  scheme  in  which  numerous  signals  are  combined  for  transmission  on  a  single 
communications  line  or  channel.  Each  signal  is  assigned  to  a  different  frequency  (sub 
channel) within the main channel (Glossary of MAT & KM Terms).

Precision  of  communication  is  important,  more  important  than  ever,  in  our  era  of  hair- 
balances,  when  a  false  or  misunderstood  word  may  create  as  much  disaster  as  a 
sudden thoughtless act. (James Thurber, "Friends, Romans, Countrymen, Lend Me Your
Ear Muffs," Lanterns and Lances, 1961, from The International Thesaurus of Quotations, Rhoda
Thomas Tripp, Harper & Row, New York, 1970, p. 93, entry 148, No. 15.)


Frequency  Hopping  Spread  Spectrum  (FHSS) 

FHSS  is  one  of  two  main  methods  of  implementing  spread  spectrum  processing  (the 
other  is  direct  sequence  spread  spectrum)  to  reduce  interference  in  radio  frequency  (RF) 
signals  (and  make  them  more  difficult  to  intercept).  In  spread  spectrum,  the  frequency  of 
the  signal  is  split  into  portions  (1  MHz  channels)  that  are  spread  through  the  allowable 
bandwidth  (for  wireless  IT,  this  is  an  83.5  MHz  band).  With  FHSS,  channels  are  grouped 
into  79  noninterfering  hopping  sets.  A  hopping  code  determines  the  frequencies  to  be 
transmitted  and  their  order.  The  transmitter  and  receiver  must,  therefore,  have  the  same 
hopping  code.  A  narrowband  interfering  signal  can  often  be  avoided  by  hopping  to  a 
different  frequency.  If  such  interference  is  detected,  the  FHSS  will  re-transmit  on  the  new 
frequency.  However,  since  wireless  IT  has  only  1  watt  of  power  (consider  that  the  lamp 
by  your  bed  may  have  a  100  watt  bulb  in  it),  there  is  a  potential  for  interference  from 
other  devices  operating  in  the  same  frequency  band.  Microwave  ovens  (many  now  have 
1,000  watts  of  power)  operate  at  the  same  frequency  (2.4  GHz).  Such  devices  must  be  kept 
at  least  10  feet  (3.5  meters)  from  any  IT  wireless  devices  to  reduce  the  potential  for 
interference.  FHSS  can  achieve  up  to  2  Mbps  data  rates.  See  blue  tooth  and  IEEE  802.11  for 
implementations  of  spread  spectrum  for  IT  wireless  applications.  Compared  to  DSSS, 
FHSS is more secure against eavesdropping, is lower power, has higher data rates for
multiple  users,  is  more  tolerant  to  wideband  interference,  is  more  resistant  to 
microwaves,  and  costs  less.  However,  it  has  shorter  range,  poorer  voice  quality,  interferes 
with  DSSS,  and  has  lower  data  rates  for  individual  users  (IRMC  Managing  Networked 
Security  in  a  Networked  Environment  Course). 

You  have  to  be  careful  if  you  don't  know  where  you're  going,  'cause  you  might  not  get 
there.  (Yogi  Berra,  The  Yogi  Book,  Workman  Publications,  New  York,  1998,  p.  102.) 

Frequently  Asked  Questions  (FAQs) 

http://support.microsoft.com/support/outlook/faq/o198/default.asp

A modern Internet term and a section on many Web sites dedicated to addressing
questions asked by many users in order to obviate the need for individual
questions/e-mails. See http://www.dsmc.dsm.mil/pubs/pdf/pmpdf01/so-pol.pdf for my article on
KM FAQs.

It  is  as  important  to  learn  the  important  questions  as  it  is  the  important  answers.  It  is 
especially  important  to  learn  the  questions  to  which  there  may  never  be  good  answers.  We 
have  to  learn  to  live  with  questions.  (Chaim  Potok,  In  the  Beginning,  Fawcett  Crest,  New 
York,  1975,  p.  285.) 

Information Security FAQs: http://www.vtcif.telstra.com.au/info/security.html


Fuzzy  Logic 

A  technique  developed  by  L.  Zadeh  ("Fuzzy  Logic,  Neural  Networks,  and  Self 
Computing,"  Communication  of  the  ACM  [Association  of  Computing  Machinery],  March 
1994) dealing with uncertainty or partial information by simulating human reasoning. It
allows computers to behave without the logic and precision usually associated with
computers.  It  is  characteristic  of  humans  and  some  artificial  intelligence  systems.  It  may 
be  integrated  into  decision  making  systems  such  as  DSS.  For  example,  an  international 
investment  company  used  fuzzy  logic  with  an  expert  system,  a  neural  network,  etc.  to 
forecast  returns  from  stocks.  The  system  includes  adjustments  for  anticipated  changes  in 
foreign  exchange  rates,  interest  rates,  and  other  variables.  Use  of  fuzzy  logic  allows 
insertion  of  probabilities  into  the  "equation."  Turban,  McLean,  and  Wetherbe  include  an 
architectural  diagram  of  this  system.  (Efraim  Turban,  Ephraim  McLean,  and  James 
Wetherbe, Information Technology for Management, John Wiley & Sons, NY, 1999, pages 497-8
and G-4). Fuzzy logic's relation to usual computer logic parallels that of linear algebra's
inequations  (relationships  where  greater  than  or  less  than  etc.  replace  the  equals  sign)  to 
normal  algebraic  equations. 

http://ai.iit.nrc.ca/subjects/Fuzzy.html; http://ai.iit.nrc.ca/fuzzy/shower/title.html

There is no nonsense so gross that society will not, at some time, make a doctrine out of
it and defend it with every weapon on communal stupidity. (Robertson Davies, The Cunning
Man, Viking Penguin, New York, 1994, p. 390.)

Gateway — see Firewalls

Entries  to  or  connections  between  two  or  more  networks.  Gateways  may  be  used  to 
connect physical, logical, or virtual networks and services. In the U.S. Navy, the IT for the
21st Century (IT-21) program applies to ships at sea. The Navy/Marine Corps Intranet
applies to shore facilities. The two systems communicate through gateways. Gateway is
also  the  name  of  a  computer  manufacturer. 

Packet-filtering gateways use routers with packet filtering rules to grant/deny access
based on source address, destination address, and port. They provide low security at low
cost and are useful in low-risk environments. They are fast, flexible, and transparent, but
filtering rules are not easily changed. They do not protect against IP or DNS address
spoofing. If the gateway is breached, all network hosts have been compromised. They
provide little useful logging and often do not support strong user authentication.
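
The following Python sketch is an added example, not part of the original encyclopedia: a stateless packet filter that decides on source address, destination address, and port with first-match rules and a default deny, showing why a forged source address passes and how little the log can record. The addresses (documentation ranges), the rule set, and the `iface` field are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str                 # source address as claimed in the IP header
    dst: str                 # destination address
    dport: int               # destination port
    iface: str = "outside"   # interface the packet arrived on (assumed field)
    payload: bytes = b""     # carried along but never inspected by the filter


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src_net: str                 # CIDR block the source must fall in
    dst_net: str                 # CIDR block the destination must fall in
    dport: Optional[int] = None  # None matches any port
    iface: Optional[str] = None  # None matches any arrival interface

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src_net)
                and ip_address(pkt.dst) in ip_network(self.dst_net)
                and self.dport in (None, pkt.dport)
                and self.iface in (None, pkt.iface))


class PacketFilter:
    """First matching rule wins; anything unmatched is denied."""

    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)
        self.log: List[Tuple[Optional[int], str, str, str, int]] = []

    def decide(self, pkt: Packet) -> str:
        for index, rule in enumerate(self.rules):
            if rule.matches(pkt):
                return self._record(index, rule.action, pkt)
        return self._record(None, "deny", pkt)  # default deny

    def _record(self, index: Optional[int], action: str, pkt: Packet) -> str:
        # Header fields are all the filter sees, so they are all it can log.
        self.log.append((index, action, pkt.src, pkt.dst, pkt.dport))
        return action


ANY = "0.0.0.0/0"
RULES = [  # constructed rule set; 192.0.2.0/24 stands for the inside network
    # 0: ingress check: inside addresses must never arrive from outside
    Rule("deny", "192.0.2.0/24", ANY, iface="outside"),
    # 1: anyone may reach the mail relay
    Rule("permit", ANY, "192.0.2.10/32", dport=25),
    # 2: only the partner network may reach the admin host
    Rule("permit", "198.51.100.0/24", "192.0.2.20/32", dport=22),
]


def run_demo():
    """Run five constructed packets through the filter; return (decisions, log)."""
    fw = PacketFilter(RULES)
    packets = [
        Packet("203.0.113.7", "192.0.2.10", 25),   # outsider to mail relay
        Packet("203.0.113.7", "192.0.2.20", 22),   # outsider to admin host
        Packet("198.51.100.5", "192.0.2.20", 22),  # genuine partner host
        # Same header as the partner packet but a different sender: the filter
        # cannot tell, because it trusts whatever the header claims.
        Packet("198.51.100.5", "192.0.2.20", 22, payload=b"constructed forgery"),
        # A forged *inside* source is caught, but only by the interface check.
        Packet("192.0.2.99", "192.0.2.20", 22, iface="outside"),
    ]
    decisions = [fw.decide(p) for p in packets]
    return decisions, fw.log


if __name__ == "__main__":
    decisions, log = run_demo()
    for entry in log:
        print(entry)
```

The fourth packet is the spoofing gap described above: only something that authenticates the sender, such as an application gateway, can separate it from the third.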

Application  gateways  use  server  programs  (proxies)  that  run  on  the  firewall.  Proxies 
take,  examine,  and  forward  external  requests  (if  legitimate)  to  the  internal  host.  They  can 
support  user  authentication  and  logging.  They  are  "the  most  secure  type  of  firewall" 
(according  to  Microsoft)  and  are  advantageous  for  medium-high  risk  sites.  The  firewall 
can be configured to be the only host address visible outside the network (all connections
to/from the internal network must then go through the firewall); proxies prevent direct
access  to  internal  services  (protecting  the  internal  network);  and  can  provide  detailed 
logging  and  strong  authentication. 

Hybrid  or  complex  gateways  combine  two  or  more  types  of  firewalls  and  implement 
them  in  series  (not  in  parallel),  enhancing  security.  They  are  useful  in  medium-high  risk 
implementations  (IRMC  Developing  Enterprise  Security  Strategies,  Guidelines,  and 
Policies  Course). 
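
The contrast between packet-filtering and application gateways described above, as an added example that is not part of the original encyclopedia: a stateless first-match filter beside a small authenticating proxy. The rule set, addresses (documentation ranges), account, and every class and function name are assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str              # source address as claimed in the header, never verified
    dst: str
    dport: int
    user: str = ""        # application-layer fields: invisible to a packet filter
    password: str = ""
    request: str = ""


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    src: str              # CIDR block
    dst: str              # CIDR block
    dport: Optional[int]  # None matches any port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, p.dport))


def packet_filter(rules: List[Rule], p: Packet) -> str:
    """Stateless first-match filter on source, destination and port; default deny."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ApplicationGateway:
    """Proxy on the firewall: authenticates, examines, logs, then re-originates."""

    def __init__(self, address: str, internal_host: str,
                 users: Dict[str, Tuple[bytes, bytes]], allowed: Set[str]):
        self.address, self.internal_host = address, internal_host
        self.users, self.allowed = users, allowed
        self.log: List[str] = []

    def handle(self, p: Packet) -> Tuple[str, Optional[Packet]]:
        known = p.user in self.users
        # Hash even for unknown users so both failure paths cost the same.
        salt, expected = self.users.get(p.user, (b"\0" * 16, b"\0" * 32))
        authed = hmac.compare_digest(pw_hash(p.password, salt), expected) and known
        if not authed:
            verdict = "deny: authentication failed"
        elif p.request not in self.allowed:
            verdict = "deny: request not permitted"
        else:
            verdict = "forward"
        # repr() keeps sender-controlled fields from forging extra log lines.
        self.log.append(f"src={p.src} user={p.user!r} request={p.request!r} -> {verdict}")
        if verdict != "forward":
            return verdict, None
        # The internal host only ever sees the gateway's own address as the source.
        return verdict, Packet(self.address, self.internal_host, p.dport, request=p.request)


# --- Constructed sample data (documentation address ranges, made-up account) ---
GATEWAY_ADDR, INTERNAL_HOST = "198.51.100.10", "10.0.0.5"
RULES = [
    Rule("permit", "192.0.2.0/24", "198.51.100.10/32", 80),   # trusted partner network
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]
SALT = b"constructed-salt"
LEGIT = Packet("192.0.2.7", GATEWAY_ADDR, 80, "alice", "correct horse", "GET /status")
SPOOFED = Packet("192.0.2.7", GATEWAY_ADDR, 80, request="GET /status")  # only claims 192.0.2.7
OUTSIDER = Packet("203.0.113.9", GATEWAY_ADDR, 80, request="GET /status")


def build_gateway() -> ApplicationGateway:
    users = {"alice": (SALT, pw_hash("correct horse", SALT))}
    return ApplicationGateway(GATEWAY_ADDR, INTERNAL_HOST, users, {"GET /status"})


if __name__ == "__main__":
    gw = build_gateway()
    for name, pkt in (("legit", LEGIT), ("spoofed", SPOOFED), ("outsider", OUTSIDER)):
        print(f"{name:9} filter={packet_filter(RULES, pkt):7} proxy={gw.handle(pkt)[0]}")
    print(*gw.log, sep="\n")
```

The filter returns the same verdict for the genuine and the spoofed packet because the header fields are all it sees, while the proxy refuses the unauthenticated one and leaves a log record for every decision. Placing the filter in front of the proxy gives the series arrangement of a hybrid gateway.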

As  geographers,  Sosius,  crowd  into  the  edges  of  their  maps  parts  of  the  world  which 
they  do  not  know  about,  adding  notes  in  the  margin  to  the  effect  that  beyond  this  lies 
nothing  but  sandy  deserts  full  of  wild  beasts,  and  unapproachable  bogs.  (Plutarch  [46-120 
A.D.], Lives, Aemilius Paulus, Section 5, quoted in Familiar Quotations by John Bartlett, Little,
Brown & Co., Boston, 1968, p. 136a.)

Generalized  Reciprocity — see  Knowledge  Brokering 

There  is  a  hierarchy  to  dyadic  human  relationships.  Knowledge  brokering  is  an 
intermediate  level  of  relationship  wherein  the  people  involved  track  (explicitly  or 
implicitly)  their  helping  actions  towards  each  other  to  maintain  a  balance  between  them. 
We've  all  heard  or  said,  "I  owe  you  one"  or  "you  owe  me"  or  "one  hand  washes  the 
other."  In  generalized  reciprocity,  however,  there  is  no  tracking.  The  relationship  has 
expanded  so  that  the  general  pleasure  of  helping  or  assisting  your  friend  or  co-worker  is 
payment  enough.  You  can  rely  on  their  help  when  you  need  it,  and  they  can  rely  upon 
yours.  You  don't  keep  score.  The  reciprocity  has  become  generalized,  more  of  a  feeling 
than  a  thought.  Such  a  situation  is  more  conducive  to  flow,  especially  in  a  high- 
performing  system.  For  most  people,  it  tends,  however,  to  be  limited  to  an  individual  or 
limited set of individuals (a group). However, for some individuals (e.g., Mahatma
Gandhi) the group can be quite extensive, even including all of humanity, all animal life,
or all living things. Thus, it can become a spiritual phenomenon when extrapolated.

When you tell your trouble to your neighbor you present him with a part of your heart.
If he possesses a great soul, he thanks you; if he possesses a small one, he belittles you.
(Kahlil Gibran, The Wisdom of Gibran, Philosophical Library, New York, 1966, p. 71.)

The good befriend themselves. (Sophocles, Oedipus at Colonus, 1.309, Familiar Quotations
by John Bartlett, Little, Brown & Co., Boston, 1968, p. 83a.)

If you confer a benefit, never remember it; if you receive one, never forget it. (Chilon,
quoted by Jacob M. Braude in New Treasury of Stories for Every Speaking and Writing Occasion,
Prentice Hall, Inc., Englewood Cliffs, NJ, June 1961, p. 152.)

Generally  Applicable  and  Accepted  (GAA) 

An IT principle explicitly similar to generally accepted accounting principles (GAAP)
(CobiT Executive Summary, July 2000, 3rd ed.), (IRMC Developing Enterprise Security
Strategies, Guidelines, and Policies Course).

Pygmies  placed  on  the  shoulders  of  giants  see  more  than  the  giants  themselves.  (Lucan 
[39-65  A.D.],  The  Civil  War,  book  II,  10  [Didacus  Stella]  from  Familiar  Quotations  by  John 
Bartlett,  Little,  Brown  &  Co.,  Boston,  1968,  p.  134.) 

General  Packet  Radio  Service  (GPRS) 

A  standard  for  wireless  communications  which  runs  at  speeds  up  to  150  kilobits  per 
second,  compared  with  current  GSM  (global  system  for  mobile  communications)  systems' 
9.6  kilobits.  GPRS,  which  supports  a  wide  range  of  bandwidths,  is  an  efficient  use  of 
limited  bandwidth  and  is  particularly  suited  for  sending  and  receiving  small  bursts  of 
data, such as e-mail and Web browsing, as well as large volumes of data (Glossary of IM/IT
& KM Terms).

The amount of noise that anyone can bear undisturbed stands in inverse proportion to
his mental capacity. (Arthur Schopenhauer, Leo Rosten's Carnival of Wit, E. P. Dutton & Co.,
New York, 1994, p. 338.)

General Systems Theory (GST) — see Systems Engineering, Management, and Thinking

The theory developed by L. von Bertalanffy that observes similar algorithms and
processes across diverse domains and disciplines. It includes, but is not equivalent to,
cybernetics (the science of feedback mechanisms). See von Bertalanffy's General Systems
Theory, Braziller, New York, 1968.

When  we  intellectually  reproduce  experiences  that  by  their  nature  belong  to  other 
dimensions,  we  are  doing  something  similar  to  what  the  painter  does  when  he  represents 
three-dimensional  spaces  on  a  two-dimensional  surface  ...  The  laws  of  this  perspective  are 
essentially  similar  to  the  laws  of  logic:  Both  sacrifice  the  qualities  of  a  higher  dimension  by 
arbitrarily  limiting  themselves  to  a  particular  point  of  view,  so  that  their  objects  are  always 
seen  only  from  one  side  and  in  a  foreshortening  and  proportion  appropriate  to  the  angle  of 
vision.  But  whereas  the  painter  consciously  transfers  his  impressions  from  one  dimension  to 
another and has no intention of imitating or reproducing an objective reality, but rather
wishes  to  express  his  reaction  to  that  reality,  the  thinker  generally  falls  into  the  trap  of 
supposing  he  has  grasped  reality  with  his  own  thinking,  because  he  mistakes  the 
"foreshortening"  perspective  of  his  one-sided  logic  for  universal  law.  The  use  of  logic  for 
the  process  of  thinking  is  undoubtedly  just  as  necessary  and  justified  as  the  use  of 
perspective in painting, but only as a means of expression and not as a criterion of reality.
(Lama Anagarika Govinda, A Living Buddhism for the West, Shambhala, Boston, 1990, pp. 32-33.)

Genetic  Algorithms  (GA) 

The newest type of artificial intelligence. GAs grow or evolve solutions to difficult
one-of-a-kind problems such as scheduling, routing, designing. They are useful in project
management and manufacturing. Often the number of possible answers is extremely large or
infinite. They are based on genetics. GAs generate many (a herd of) problem solutions
which are then graded on fitness. Least fit members of the "herd" are eliminated. The
remainder are paired up, matched, and split to create a new herd of hybrids. A few are
mutated to create diversity. This process is repeated until an optimal or acceptable
solution is found. The most difficult part of implementation is representing solutions in
the form of chromosomes. Then a fitness function must be developed. General Electric
uses GA to design jet engines; law enforcement agencies use them to create pictures of
muggers; financial firms use them to develop optimal trading strategies; project managers
at John Deere and Volvo use them to develop optimal crashing strategies and scheduling.
See http://www.wardsystems.com and http://www.palisades.com (IRMC New World
of the CIO Course). "Optimization techniques that use processes such as genetic
combination, mutation, and natural selection in a design based on the concepts of natural
evolution," from "An Introduction to Data Mining: Pilot Software Data Mining White
Paper" http://www.pilotsw.com/solutions/business pas.htm (IRMC Data
Management Strategies and Technologies Course).
http://ai.iit.nrc.ca/subjects/Evolutionary.html genetic algorithms;
http://www.wardsystems.com/ http://www.palisade.com/ (IRMC Critical Information
Systems Technologies Course).
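
The loop this entry describes (generate a herd, grade on fitness, eliminate the least fit, pair and split the remainder into hybrids, mutate a few, repeat), as an added example that is not part of the original encyclopedia, applied to a small scheduling problem. The job durations, machine count, parameters, and function names are assumptions constructed for illustration; a chromosome here is a list giving the machine assigned to each job, and fitness is the finishing time of the busiest machine (lower is better).

```python
import random
from typing import List, Tuple

JOB_HOURS = [7, 3, 9, 4, 6, 2, 8, 5, 1, 6, 4, 7]   # constructed job durations
MACHINES = 3                                        # constructed machine count


def makespan(chromosome: List[int]) -> int:
    """Fitness function: hours until the most heavily loaded machine finishes."""
    load = [0] * MACHINES
    for job, machine in enumerate(chromosome):
        load[machine] += JOB_HOURS[job]
    return max(load)


def evolve(herd_size: int = 40, generations: int = 60,
           mutation_rate: float = 0.1, seed: int = 1) -> Tuple[List[int], List[int]]:
    """Return the best schedule found and the best makespan seen per generation."""
    rng = random.Random(seed)
    # Initial herd: random assignments of every job to a machine.
    herd = [[rng.randrange(MACHINES) for _ in JOB_HOURS] for _ in range(herd_size)]
    history: List[int] = []
    for _ in range(generations):
        herd.sort(key=makespan)                 # grade on fitness
        history.append(makespan(herd[0]))
        survivors = herd[:herd_size // 2]       # least fit half is eliminated
        children: List[List[int]] = []
        while len(survivors) + len(children) < herd_size:
            a, b = rng.sample(survivors, 2)     # pair up two survivors
            cut = rng.randrange(1, len(JOB_HOURS))
            child = a[:cut] + b[cut:]           # split and recombine into a hybrid
            if rng.random() < mutation_rate:    # a few are mutated for diversity
                child[rng.randrange(len(child))] = rng.randrange(MACHINES)
            children.append(child)
        herd = survivors + children             # survivors carry over unchanged
    best = min(herd, key=makespan)
    history.append(makespan(best))
    return best, history


if __name__ == "__main__":
    best, history = evolve()
    print("best schedule:", best)
    print("makespan per generation:", history)
```

Because the surviving half is carried over unchanged, the best makespan can never get worse from one generation to the next; the lower bound for this constructed data is 21 hours (62 total hours over 3 machines, rounded up).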

Conclusions  arrived  at  through  reasoning  had  very  little  or  no  influence  in  altering  the 
course  of  our  lives.  Hence,  the  countless  examples  of  people  who  have  the  clearest 
convictions  and  yet  act  diametrically  against  them  time  and  time  again;  and  have  as  the 
only  explanation  for  their  behavior  the  idea  that  to  err  is  human.  (Carlos  Castaneda,  The  Fire 
From  Within,  Simon  &  Schuster,  New  York,  1984,  p.  49.) 

Geographic  Information  System  (GIS) 

A  computer  system  capable  of  assembling,  storing,  manipulating,  and  displaying 
geographically  referenced  information,  i.e.,  data  identified  according  to  their  locations. 
Practitioners  also  regard  the  total  GIS  as  including  operating  personnel  and  the  data  that 
go into the system (U.S. Geographic Survey,
http://www.gsd.harvard.edu/~pbcote/GIS/web_resources.html).

This  is  the  transcript  of  the  ACTUAL  radio  conversation  of  a  U.S.  naval  ship  with 
Canadian  authorities  off  the  coast  of  Newfoundland  in  October  1995.  Radio  conversation 
released  by  the  Chief  of  Naval  Operations  10-10-95. 

Canadians: Please divert your course 15 degrees to the South to avoid a collision.

Americans:  Recommend  you  divert  your  course  15  degrees  to  the  North  to  avoid  a 
collision. 

Canadians:  Negative.  You  will  have  to  divert  your  course  15  degrees  to  the  South  to 
avoid  a  collision. 

Americans:  This  is  the  Captain  of  a  U.S.  Navy  ship.  I  say  again,  divert  YOUR  course. 

Canadians: No. I say again, you divert YOUR course.

Americans: This is the aircraft carrier USS - the second largest ship in the United
States' Atlantic fleet. We are accompanied by three destroyers, three cruisers, and numerous
support vessels. Demand that you change your course 15 degrees North, I say again, that's
one five degrees North, or counter-measures will be undertaken to ensure the safety of this
ship.

Canadians:  This  is  a  lighthouse.  Your  call! 

[Received via Internet e-mail; this is an Urban Legend. See http://www.snopes2.com/
for this myth].

Gigabits  per  second  (Gbps) 

One billion or 10^9 bits/second. It is used as a measure of bandwidth on a digital data
transmission medium such as optical fiber. With slower media and protocols, bandwidth
may be in the Mbps (millions of bits or megabits or 10^6 bits/second) or the kbps
(thousands of bits or kilobits or 10^3 bits/second) range. In future, transmission speeds of
Tbps (trillions or terabits or 10^12 bits/second) will probably be achieved.

Everything  comes  to  he  who  hustles  while  he  waits.  (Thomas  A.  Edison,  in  3,500  Good 
Quotes  for  Speakers,  Gerald  F.  Lieberman,  Ed.,  Doubleday,  Garden  City,  NY,  1983,  p.  173.) 

Global  Information  Grid  (GIG)  or  Global  Information  Infrastructure  (GII) 

The globally interconnected, end-to-end set of information capabilities, associated
processes and personnel for collecting, processing, storing, disseminating, and managing
information on demand to warfighters, policy makers, and support personnel (Glossary of
IM/IT & KM Terms). The GIG is basically a renaming of the defense information
infrastructure (DII). It is not a centrally controlled entity but rather a term used to
encompass the immensity of connected systems, to a large degree, through the Internet.
The Navy/Marine Corps Intranet will become a major portion of the GIG once it has been
successfully implemented. See Ken Alford's "DoD and the Global Information
Infrastructure" (Crosstalk, 1995, Vol. 8, No. 8, pp. 7-9) and Lodge and Reavis' Global
Friction Among Information Infrastructures (Harvard Business School Publishing, Boston,
1999, HBS 9-799-152) (IRMC Assuring the Information Infrastructure Course). GIG is the
successor to the Global Networked Information Enterprise (GNIE) (IRMC Advanced
Software Acquisition Management Course).


Thanks  to  the  interstate  highway  system,  it  is  now  possible  to  travel  across  the  country 
from  coast  to  coast  without  seeing  anything.  (Charles  Kuralt,  Leo  Rosten's  Carnival  of  Wit,  E. 
P.  Dutton  &  Co.,  New  York,  1994,  p.  341.) 

Global System for Mobile Communications (GSM) — see Enhanced Data GSM
Environment and General Packet Radio Service

A  wireless  protocol  developed  in  Europe  in  the  1980s.  It  is  based  on  the  time-division 
multiple  access  (TDMA)  process;  divides  AMPS  (analog  mobile  phone  service)  into  8 
channels/time  slots;  is  dual  band;  operates  at  900/1,900  MHz;  and  has  a  9.6  Kbps  data 
rate  (IRMC  Managing  Networked  Security  in  a  Networked  Environment  Course).  Yahoo 
and  CellPoint  have  created  the  find-a-friend  system  so  that  GSM/WAP  users  can  find  the 
physical  location  of  other  subscribers.  Participants  must  explicitly  consent,  can  selectively 
disable  the  function,  and  are  "beeped"  when  located.  However,  there  are  still  ethical  and 
social  considerations  since  disabling  the  function  may  force  an  explanation.  Thus,  it  could 
be  used  to  track  spouses,  employees  (illegal  in  some  places),  children,  customers, 
suppliers,  etc.  This  may  be  interpreted  as  an  invasion  of  privacy  and  may  violate  present 
or  proposed  European  standards  in  this  area  (IRMC  Developing  Enterprise  Security 
Strategies,  Guidelines,  and  Policies  Course). 

Wise  men  talk  because  they  have  something  to  say,  fools  because  they  have  to  say 
something.  (Plato,  Leo  Rosten’s  Carnival  of  Wit,  E.  P.  Dutton  &  Co.,  New  York,  1994,  p.  186.) 

Glueware — see  Middleware,  Bolt-ons,  and  Enterprise  Application  Integration 

Any  of  several  types  of  software  that  glues  together  other  pieces  of  software.  This 
includes  middleware,  bridges,  wrappers,  etc.  Generally  they  are  types  of  third-party 
software  that  integrates  functions  by  trapping  output  from  one  component  and 
reformatting  it  for  input  to  another,  sending  notification  messages  about  one  tool's 
completion  to  another  for  start-up  and  so  forth.  Wrappers  are  often  point-to-point 
solutions  so  that  new  versions  of  contractor  off-the-shelf  or  function  software  necessitate 
changes  to  the  wrappers  or  glueware  (IRMC  Advanced  Software  Acquisition 
Management  Course). 


Never underestimate a man who overestimates himself. (Franklin D. Roosevelt,
referring to General Douglas MacArthur, USA, Leo Rosten's Carnival of Wit, E. P. Dutton &
Co., New York, 1994, p. 493.)

Gnutella — see  Peer-to-Peer  (P2P) 

A  file-sharing  system  on  the  Internet  that  searches  for  software  and  documents  on  the 
GnutellaNet,  a  loose  federation  of  users  and  organizations  that  make  a  wide  variety  of 
information  available  to  the  world  at  large.  Software  for  Windows,  Mac,  Linux/UNIX 
and  BeOS  turns  your  machine  into  a  search  client  so  you  can  access  the  GnutellaNet,  as 
well  as  a  server  for  offering  files  to  others.  In  order  to  do  a  search,  one  must  connect  to 
one  or  more  computers  on  the  network  directly  by  Internet  protocol  address,  which  in 
turn connect to other computers within a limited domain of about 10,000 hosts, known as
a "horizon" (based upon Glossary of IM/IT & KM Terms). Similar to Napster, Gnutella uses
a P2P technique and has the same significant security risks and vulnerabilities.

http://www.geocities.com/damncreature/osmsoftware-gnotella.html.

In America, the young are always ready to give to those who are older than themselves
the full benefit of their inexperience. (Oscar Wilde, Leo Rosten's Carnival of Wit, E. P. Dutton
& Co., New York, 1994, p. 328.)

Googling 

To  google  someone  is  to  look  up  a  person  on  Google  to  find  out  about  him  or  her. 
The  press  began  to  enjoy  writing  about  the  prevalence  of  young  professionals  "googling" 
each  other  before  a  first  date.  The  word  also  started  being  used  more  generally  to  mean 
"to  use  a  search  engine  on  the  Internet"  ("Google  becomes  the  hot  Web  thing,"  Jeremy 
Schlosberg, Media Life Magazine, May 2001,
http://www.medialifemagazine.com/news2001/may01/may28/5_fri/news5friday.html).

Cherish  forever  what  makes  you  unique,  'cuz  you're  really  a  yawn  if  it  goes.  (Bette 
Midler,  quoted  by  Noah  ben  Shea  in  Great  Jewish  Quotes,  Ballantine,  New  York,  1993.) 

Government  Information  Security  Reform  Act  (GISRA)  of  2000 

Agencies  are  to  maintain  a  program  to  adequately  secure  computer  systems;  ensure 
policies  are  founded  on  a  continuous  risk  management  cycle;  implement  controls  that 
adequately  assess  information  security  risks;  promote  continuing  awareness  of 
information  security  risks;  continually  monitor  and  evaluate  information  security  policy; 
control  effectiveness  of  information  security  practices.  The  agency  head  is  held 
responsible  for  compliance;  the  act  covers  agency  and  contractor  systems;  the  Inspector 
General  submits  security  reports  to  Office  of  Management  and  Budget;  five  security  levels 
categorize  agency  program  assessments  (IRMC  Developing  Enterprise  Security  Strategies, 
Guidelines,  and  Policies  Course). 

Department of Defense Inspector General:
http://www.dodig.osd.mil/pubs/index.html.

Today,  if  you  invent  a  better  mousetrap,  the  government  comes  along  with  a  better 
mouse. (Ronald Reagan, Leo Rosten's Carnival of Wit, E. P. Dutton & Co., New York, 1994, p.
208.)

Government  Management  and  Reform  Act  (GMRA)— see  http://u.sprs.erols.com/ 
mams/000(}0037.htiTi  (IRMC  Measuring  Results  of  Organizational  Performance  Course). 

The  job  of  a  manager  is  not  to  do  everything— it  is  to  make  sure  that  every  task  gets 
done. (Michael Levine, "Winning Words of Wisdom," Bottom Line Personal, 1996, Vol. 17,
No. 10 [May 15], p. 12.)

Government  Paperwork  Elimination  Act  (GPEA)  of  October  1998 

Under  GPEA,  agencies  must  provide  for  optional  use  or  acceptance  of  elex  documents, 
signatures,  and  electronic  record  keeping  when  practicable.  It  is  intended  to  increase 
citizens'  ability  to  interact  electronically  with  the  federal  government.  It  provides  legal 
validity of electronic signatures. Agencies had to submit implementing plans by October
31, 2000. By October 21, 2003, all agencies are required to have elex filing and signature
capabilities in place. An example is the Veterans On Line Applications (VONAPP) project,
where veterans can apply for compensation, pension, and vocational rehabilitation
benefits and send completed applications electronically to their local Veterans
Administration office, http://vabenefits.vba.va.gov/vonapp (Leadership for the New
Millennium: Delivering On Digital Progress and Prosperity, 3rd annual report of the U.S.
Government Working Group on Electronic Commerce, January 16, 2001). However, the
IRS is exempt (IRMC Advanced Information System Acquisition Course). While
government agencies are evolving rapidly, they are significantly challenged by such
legislation as the Government Paperwork Elimination Act, the Clinger-Cohen Act of
1996, and OMB Memorandum M-00-10, which addresses electronic benefit and funds
transfers, transactions that result in financial or legal liability (e.g., procurement contracts)
(IRMC Developing Enterprise Security Strategies, Guidelines, and Policies Course,
author's final paper, PKI Vulnerabilities).

Tradition: a clock which tells what time it was. (Elbert Hubbard, in 3,500 Good Quotes for
Speakers, Gerald F. Lieberman, Ed., Doubleday, Garden City, NY, 1983, p. 248.)

Government Performance and Results Act (GPRA), P.L. 103-62 of August 1993; see
Performance- and Results-Based Management and Strategic Planning
http://ombwatch.org/gpra/text/gpratext.html

GPRA had four parts: strategic plans, annual performance plans, past year
performance reports, and management flexibility projects. The last provides a means for
executive agencies to request relief from legislative requirements based upon
demonstrating that economies of scale and efficiencies would be achieved thereby. The
strategic (5-year, revised every 3 years) plans are submitted to Congress through OMB
and GAO. Agencies had much difficulty complying with this requirement:
http://www.govexec.com/dailyfed/0599/051899k1.htm. Of prime importance is the
differentiation between outputs and outcomes. The former are internal process measures;
the latter are mission effectiveness measures (IRMC New World of the CIO Course). See
also Chief Financial Officers Council's GPRA Implementation Committee's Integrating
Performance Measurement into the Budget Process (January 12, 1997) and Implementation of the
GPRA: "A Report on the CFO's Role and Other Critical Issues Critical to the Government-wide
Success of GPRA," (Resources Management, 1996); Department of Justice's GPRA:
DOJ Manager's Handbook on Developing Useful Performance Indicators (version 1.1, April
1995); National Academy of Public Administration's Towards Useful Performance
Measurement: Lessons Learned from Initial Pilot Performance Plans Prepared Under the GPRA
(November 1994); Kravchuk and Schack's "Designing Effective Performance
Measurement Systems under the GPRA of 1993" (Public Administration Review, July-
August 1996); J. Mihm's "GPRA and the New Dialog" (Public Manager, Winter 1995-1996);
and GAO's Agency Performance Plans: Examples of Practices that Can Improve Usefulness to
Decision Makers (GAO/GGD/AIMD-99-69, February 1999); http://freedom.house.gov/results/
House Majority Leader site with links/grades; related GAO reports:
www.gao.gov/ and see GAO/GGD/AIMD-99-215 of July 1999 Managing for
Results: Opportunities for Continued Improvements in Agencies' Performance Plans and the
Defense Information Systems Agency's Performance Planning Guidance for Fiscal Year 1998
(IRMC Measuring Results of Organizational Performance Course). Defense Business
Management University interactive course (DISA Performance Planning Guidance for Fiscal
Year 1998, p. G-3). See Beryl Radin's "The GPRA: Hydra-Headed Monster or Flexible
Management Tool?" (Public Administration Review, July-August 1988, Vol. 58, No. 4, pp.
307-316); Balancing Measures: Best Practices in Performance Management (August 1999,
61) (IRMC Measuring Results of Organizational Performance Course). See Guide for
Developing and Using IT Performance Measurements, version 1.0, DON CIO, 10/01. POC is
David Carder, 703-601-0230. http://www.opm.gov/gpra/GPRAresources.htm May
2002, useful information is available on OPM's GPRA Resource Center Web site:
http://govinfo.library.unt.edu/npr/library/studies.html.


From Gary Hacker's HR Metrics News consolidated from Issues 1-5 (OPM):

Executive Branch Management Scorecard: http://www.whitehouse.gov/omb/
memoranda/m02-02.html 3/02. OMB memo of October 30, 2001, announces the
development of an Executive Branch Management Scorecard.

President's Management Agenda: http://www.whitehouse.gov/omb/budget/
fy2002/mgmt.pdf 5/02. President Bush's strategy for improving the management and
performance of the federal government.

Executive Management Scorecard—2001 Baseline Evaluation: http://www.govexec.com/
5/02. Chart showing how [...] categories of management—2001 baseline evaluation
conducted by OMB—from GovExec.com.

OMB Budget and Performance Integration Plans: http://www.whitehouse.gov/omb/
memoranda/m02-06.pdf 6/02. OMB memo of [...]
support of President Bush's budget and performance integration management initiative.
Contains attachment describing uniform evaluation metrics or "common measures."

Annual Performance Report Scorecard: Which Federal Agencies Inform the Public?:
http://www.governmentaccountability.org/scorecard2001.htm 6/02;
http://www.governmentaccountability.org/tableone2001.htm 6/02. "The American
people are entitled to know what benefits they have received from their government's
activities, and annual performance reports are one avenue for agencies to communicate
this information to citizens and policymakers. The purpose of this scorecard is to
encourage improvement in the quality of reporting on results achieved by government


The cause is hidden, but the result is well known. (Ovid [Publius Ovidius Naso], 43
B.C.-A.D., Ars Amatoria IV, 287, from Familiar Quotations by John Bartlett, Little, Brown &
Co., Boston, 1968, p. 128.)

Government-Wide Acquisition Contract (GWAC)

Government contracts originally competed with the intent that they be used (ridden) by
other government entities at a later date. These buyers need not let their own contracts but
merely write tasks against the existing GWAC. The government entity awarding the
GWAC collects a fee from the user (a negotiable percentage of the funding used, usually
on a sliding scale based upon quantity). GWACs are similar in operation to basic ordering
agreements (BOAs) and blanket purchasing agreements (BPAs) except that they are
intended from the start for use by other government agencies, not within a particular
office or agency. For instance, an Air Force office could obtain IT services through the
Department of Agriculture. The General Services Administration (GSA) has established a
number of IT vehicles for use by other government agencies (e.g., their Millennia Lite
contract). These are not considered GWACs, but they operate in much the same way.

Better one's own duty, imperfect, than another's duty well performed. (Bhagavad Gita,
trans. F. Edgerton, 3,35 and 18,47, from Familiar Quotations by John Bartlett, Little, Brown &
Co., Boston, 1968, p. 106b.)

Graphical  User  Interface  (GUI) 

A  program  interface  that  takes  advantage  of  the  computer's  graphics  capabilities  to 
make  the  program  easier  to  use.  Well-designed  graphical  user  interfaces  can  free  the  user 
from learning complex command languages (Glossary of IM/IT & KM Terms).

The  world  is  governed  more  by  appearance  than  by  realities,  so  that  it  is  fully  necessary 
to seem to know something as to know it. (Daniel Webster, Leo Rosten's Carnival of Wit, E. P.
Dutton & Co., New York, 1994, p. 264.)

Groupware 

A class of software that helps groups of colleagues (workgroups) attached to a local-
area network organize their activities. Typically, groupware supports the following
operations: Groupware is sometimes called workgroup productivity software. Team
groupware is a category of software that enables colleagues, especially geographically
dispersed colleagues, to collaborate on projects. Typically, team groupware uses the
Internet and the World Wide Web to facilitate communication among the team
(http://www.webopedia.com/). For example, the Information Resources Management
College has a groupware room used for brainstorming and group decision making. It
provides anonymity (useful with the Delphi technique) and allows participants to view
the contributions of others in real time and for all to vote on various options. The PEO for
Space, Communications, and Sensors created an international VTC network that included
computers attached at various units on the system. Users could simultaneously view and
modify a shared file in real time.

If all economists were laid end to end, they would not reach a conclusion. (George
Bernard Shaw, in 3,500 Good Quotes for Speakers, Gerald F. Lieberman, Ed., Doubleday,
Garden City, NY, 1983, p. 79.)

Hackers — see Information Warfare

Unauthorized individuals who surreptitiously enter or "hack" into someone else's
network or computer system. Originally, hackers were not malicious and only wished to
succeed in breaking in where they were not wanted — as a challenge. The term cracker
has now come into vogue to differentiate hackers who are malicious in intent from the
original hackers since common usage still lumps them together and refers to anyone
breaking in as "hackers." Thus, cyber terrorists would be crackers, not hackers. Happy
Hacker: http://www.happyhacker.org/; Jeanie Konstantinou's "Computer Hackers:
Invasion of Computer Systems" final paper for Computers and Law (University at Buffalo
School of Law, December 8, 1995); white hat hacker tool L0phtCrack. Back Orifice 2000:
ntbugtraq.ntadvice.com/default.asp?sid=l&pid=47&aid=.45.

Twenty  percent  of  the  traffic  on  the  Internet  is  trolling  looking  for  weaknesses  in 
networks and systems (CERIAS Security Visionary Roundtable Call to Action, version 1.0, p.
22); Accenture (formerly Andersen Consulting) and The Center for Education and
Research  in  Information  Assurance  and  Security  (CERIAS)  at  Purdue  University,  2001 
(IRMC  Developing  Enterprise  Security  Strategies,  Guidelines,  and  Policies  Course). 

Boys  throw  stones  at  frogs  in  sport.  But  the  frogs  do  not  die  in  sport,  they  die  in  earnest. 
(Plutarch, quoted by P. D. James, in Death of an Expert Witness, Charles Scribner's Sons, New
York, 1977, p. 190.)

Phrack underground hacker magazine: http://www.phrack.org/
Phrack's links to other "Cool" sites: http://www.fc.net/phrack/other.html
Hack history: http://www.attrition.org/mirror/attrition/index.html.


Hacktivists 

Crackers  who  attack  computer  systems  to  promote  political  causes  or  to  wage  protest 
campaigns  in  cyberspace  by  posting  messages  on  targeted  Web  sites— often  national 
governments. 

The  healthy  progress  of  humanity  depends  on  our  getting  away  from  any  and  all 
unrealistic  mental  images  of  the  world  in  which  we  live.  (Elliott  Jaques,  Creativity  and  Work, 
International  Universities  Press,  Inc.,  Madison,  CT,  1990,  p.  6.) 

Halo

A type of rater error in which the rater has an overall impression of the subject and
that impression overrides scoring of individual items (IRMC Measuring Results of
Organizational Performance Course). The halo effect is a pitfall in many types of rating
systems  such  as  competitive  proposal  evaluations  (impression  of  a  bidder  is  good  or  not 
for  a  specific  rater,  possibly  due  to  limited  but  strong  prior  exposure);  personnel  selection 
for  hiring;  personnel  evaluations  (first  impressions  tend  to  be  overly  valued);  and 
numerous  others.  The  halo  effect  is  not  necessarily  limited  to  individuals  but  can  affect 
small  groups  as  well. 

As Karl Weick points out, people "tend to be more interested in confirming rather
than rebutting or contradicting" their expectations. (Don Cohen and Laurence Prusak, In
Good Company, Harvard Business School Press, Boston, 2001, p. 44; quoting Sensemaking in
Organizations, Sage Pubs, Thousand Oaks, CA, 1995, p. 145.)

Handshaking  Procedures 

Dialogue  between  two  information  systems  for  synchronizing,  identifying,  and 
authenticating themselves to one another (Glossary of IM/IT & KM Terms). Such
procedures  take  place  between  modems  (e.g.,  offsite  users)  and  the  LAN  (via  a  firewall) 
or  between  a  user's  browser  and  a  Web  site  or  portal.  Establishing  an  interface  connection 
between  any  two  electronic  entities  involves  handshaking  that  depends  upon  common 
protocols  between  the  connecting  systems. 

A good marriage is like a good handshake— there is no upper hand. (Jacob Braude, New
Treasury  of  Stories  for  Every  Speaking  and  Writing  Occasion,  Prentice  Hall,  Inc.,  Englewood 
Cliffs,  NJ,  June  1961,  p.  227.) 

Hash — see  Encryption  and  PKI 

An algorithm used in the public key infrastructure that condenses a message into a
standard number of bits. The resulting "message digest" is then encrypted (signed) by the
sender's private key. The recipient decrypts the message digest with the sender's public
key. This prevents the message digest from being changed without detection, since only
the sender has the key used to encrypt it. Since the message maps onto the message
digest, any change to the message itself will be made obvious since it will not then
correspond to the unchanged message digest. Thus, any message tampering will be
automatically detected.
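
The sign-and-verify flow described in this entry, as an added Python example that is not part of the original encyclopedia. It assumes SHA-256 as the hash, RSA with PKCS #1 v1.5 signature padding, and a demonstration key built from two publicly known Mersenne primes (constructed for the example and insecure by design); the entry itself names none of these choices.

```python
"""Hash-then-sign: digest the message, sign the digest, verify with the public key."""
import hashlib
import hmac

# Demonstration key, constructed for this example only. Both primes are
# well-known Mersenne primes, so the key offers no secrecy at all; real keys
# are generated from large random primes.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (needs Python 3.8+)
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# ASN.1 DigestInfo prefix that marks the digest as SHA-256 (PKCS #1 v1.5).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def encode_digest(message: bytes) -> bytes:
    """Condense the message to a fixed-size digest and pad it to K bytes."""
    digest = hashlib.sha256(message).digest()      # always 32 bytes
    t = SHA256_PREFIX + digest
    padding = b"\xff" * (K - len(t) - 3)
    return b"\x00\x01" + padding + b"\x00" + t


def sign(message: bytes) -> bytes:
    """Sender side: apply the private key to the encoded digest."""
    m = int.from_bytes(encode_digest(message), "big")
    return pow(m, D, N).to_bytes(K, "big")


def verify(message: bytes, signature: bytes) -> bool:
    """Recipient side: recover the signed digest with the public key and
    compare it with a digest recomputed from the message that arrived."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    # Compare against a freshly built encoding instead of parsing the
    # recovered bytes, so malformed padding can never be accepted.
    return hmac.compare_digest(recovered, encode_digest(message))


def demo():
    """Return (genuine accepted, altered message accepted, altered signature accepted)."""
    original = b"Pay 100 dollars to account 12345"     # constructed sample
    tampered = b"Pay 900 dollars to account 12345"     # one character changed
    sig = sign(original)
    damaged_sig = sig[:-1] + bytes([sig[-1] ^ 0x01])   # one bit flipped
    return (verify(original, sig),
            verify(tampered, sig),
            verify(original, damaged_sig))


if __name__ == "__main__":
    print(demo())
```

Only the first check succeeds: changing either the message or the signed digest breaks the correspondence the entry describes.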

If the world were perfect, it wouldn't be. (Yogi Berra, The Yogi Book, Workman
Publications,  New  York,  1998,  p.  52.) 

Hate  Crimes  Legislation  S.B.  390 

Hate  Crimes  Legislation  has  been  proposed  but  defeated  by  state  and  federal 
governments  so  far.  The  best  chance  for  the  bill  was  the  DoD  Authorization  Bill  in 
October  2000,  but  it  was  stripped  from  that  bill. 

The Senate Bill 622 was sponsored by Senator Ted Kennedy in March 1999 and
redefined the existing 1969 law, by adding gender, disability, and sexual orientation as
protected classifications.


An  Incredible  Speech  For  Hate  Crimes  Legislation  from  a  Conservative  White 
Republican  from  Rural  Georgia.  Remarks  on  S.B.  390,  Hate  Crimes  Legislation,  by  Rep.  Dan 
Ponder,  Thursday,  March  16, 2000  [made  from  the  well  of  the  Georgia  House  of 
Representatives]:  "Thank  you,  Mr.  Speaker,  Ladies  and  Gentlemen  of  the  House.  I  am 
probably  the  last  person,  the  most  unlikely  person  that  you  would  expect  to  be  speaking 
from the well about hate crime legislation. And I am going to talk about it a little differently
from  a  lot  of  the  conversations  that  have  gone  on  thus  far.  I  want  to  talk  about  it  a  little  more 
personally,  about  how  I  came  to  believe  what  I  believe. 

"About two weeks ago my family got together for my father's 70th birthday. It was the
first time since my oldest daughter was born 19 years ago that only the children and
spouses  got  together,  no  grandchildren.  We  stayed  up  until  2  o'clock  in  the  morning  talking 
about  hate  crime  legislation,  this  very  bill.  Even  my  family  could  not  come  to  a  resolution 
about  this  bill,  but  we  did  agree  that  how  you  were  raised  and  who  we  are  would  likely 
influence  how  you  would  vote  on  this  bill.  So  I  want  you  to  know  a  little  bit  about  me,  and 
how I came to believe what I believe.

"I am a White Republican, who lives in the very Southwest corner of the most
ultraconservative  part  of  this  state.  I  grew  up  there.  I  have  agricultural  roots.  I  grew  up 
hunting  and  fishing.  I  had  guns  when  I  was  a  kid.  On  my  12th  birthday  I  was  given  that 
thing that so many southern boys receive, that shotgun from my dad that somehow marked
me  as  a  man.  I  was  raised  in  a  conservative  Baptist  church.  I  went  to  a  large,  mostly  white 
Southern  university.  I  lived  in  and  was  the  president  of  the  largest,  totally  white  fraternity 
on  that  campus.  I  had  nine  separate  great-great-great  grandfathers  that  fought  for  the 
Confederacy.  I  don't  have  a  single  ancestor  on  all  of  my  family  lines  that  lived  north  of  the 
Mason-Dixon  line  going  back  to  the  Revolutionary  War.  And  it  is  not  something  that  I  am 
terribly  proud  of,  but  it  is  just  part  of  my  heritage,  that  not  one,  but  several  of  those  lines 
actually  owned  slaves. 

"So  you  would  guess  just  by  listening  to  my  background  that  I  am  going  to  stand  up 
here  and  talk  against  hate  crime  legislation.  But  you  see,  that's  the  problem  when  you  start 
stereotyping  people  by  who  they  are  and  where  they  came  from,  because  I  totally,  totally 
support  this  bill.  I  come  from  a  privileged  background,  but  hate  has  no  discrimination  when 
it  picks  its  victims.  I  have  a  Catholic  brother-in-law.  My  sister  could  not  be  married  in  their 
church,  and  his  priest  refused  to  marry  them  because  they  were  of  different  faiths.  I  have  a 
Jewish  brother-in-law.  The  difference  in  that  religion  has  caused  part  of  my  family  to  be 
estranged  from  each  other  for  over  25  years.  I  was  the  president  of  the  largest  fraternity  at 
Auburn  University,  which  won  an  award  while  I  was  there  as  the  best  chapter  in  the 
country. Out of over 100 members, 6 of those are now openly gay. But the "lasting bond of
brotherhood"  that  we  pledged  ourselves  to  during  those  idealistic  days  apparently  doesn't 
apply  if  you  should  later  come  out  and  declare  yourself  gay. 

"Some  of  you  know  that  my  family  had  an  exchange  student  from  Kosovo  that  lived 
with  us  for  six  months,  during  the  entire  time  of  the  fighting  over  there.  When  we  last  heard 
from  her,  her  entire  extended  family  of  26  members  had  not  been  heard  from.  Not  one  of 
them.  They  had  all  been  killed  or  disappeared  because  of  religious  and  ethnic  differences 
that  we  cannot  even  begin  to  understand.  My  best  friend  in  high  school  and  college 
roommate's  parents  were  raised  in  Denmark  during  the  war.  His  grandfather  was  killed 
serving  in  the  Resistance.  For  three  years,  that  family  survived  because  people  left  food  on 
their doorstep during the middle of the night. They couldn't afford to openly give them
food  because  they  would  then  be  killed  themselves. 

"And  to  Representative  McKinney,  we  are  probably  as  different  as  two  people  can  be  in 
this House based on our backgrounds. But I myself have also known fear, because I am a
white  man  that  was  mugged  and  robbed  in  Chicago  in  a  black  neighborhood.  And  you  are 
right.  It  is  a  terror  that  never  goes  away.  It  doesn't  end  when  the  wounds  heal  or  the  dollars 
are  replaced  in  your  wallet.  It  is  something  that  you  live  with  the  rest  of  your  life.  But  I  want 
to  tell  you  the  real  reason  that  I  am  standing  here  today.  And  this  is  personal,  and  in  my  five 
years  in  this  House  I  have  never  abused  my  time  in  the  well,  and  I  only  have  2  days  before  I 
leave  this  body,  so  I  hope  that  you  will  just  listen  to  this  part  for  me. 

"There  was  one  woman  in  my  life  that  made  a  huge  difference  and  her  name  was  Mary 
Ward. She began working for my family before I was born. She was a young black woman
whose  own  grandmother  raised  my  mother.  Mary,  or  May-Mar  as  I  called  her,  came  every 
morning  before  I  was  awake  to  cook  breakfast  so  it  would  be  on  the  table.  She  cooked  our 
lunch.  She  washed  our  clothes.  But  she  was  much  more  than  that.  She  read  books  to  me. 
When I was playing Little League she would go out and catch ball with me. She was never,
ever afraid to discipline me or spank me. She expected the absolute best out of me, perhaps,
and I am sure, even more than she did her own children. She would even travel with my
family when we would go to our house in Florida during the summer, just as her own
grandmother had done. One day, when I was about 12 or 13 I was leaving for school. As I
was walking out the door she turned to kiss me good-bye. And for some reason, I turned
my head. She stopped me and she looked into my eyes with a look that absolutely burns in
my memory right now and she said, "You didn't kiss me because I am black." At that
instant, I knew that she was right. I denied it. I made some lame excuse about it. But I was
forced  at  that  age  to  confront  a  small  dark  part  of  myself.  I  don't  even  know  where  it  came 
from.  This  lady,  who  was  devoting  her  whole  life  to  me  and  my  brother  and  sister,  who 
loved  me  unconditionally,  who  had  changed  my  diapers  and  fed  me,  and  who  was  truly 
my  second  mother,  that  somehow  she  wasn't  worthy  of  a  good-bye  kiss  simply  because  of 
the  color  of  her  skin. 

"Hate  is  all  around  us.  It  takes  shape  and  form  in  ways  that  are  somehow  so  small  that 
we  don't  even  recognize  them  to  begin  with,  until  they  somehow  become  acceptable  to  us.  It 
is up to us, as parents and leaders in our communities, to take a stand and to say loudly and
clearly that this is just not acceptable. I have lived with the shame and memory of my
betrayal of Mary Ward's love for me. I pledged to myself then and I re-pledged to myself the
day I buried her that never, ever again would I look in the mirror and know that I had kept
silent, and let hate or prejudice or indifference negatively impact a person's life; even if I
didn't know them. Likewise, my wife and I promised to each other on the day that our
oldest daughter was born that we would raise our children to be tolerant. That we would
raise  them  to  accept  diversity  and  to  celebrate  it.  In  our  home,  someone's  difference  would 
never  be  a  reason  for  injustice. 

"When we take a stand, it can slowly make a difference. When I was a child, my father's
plants  had  a  lot  of  whites  and  a  lot  of  blacks  working  in  them.  We  had  separate  water 
fountains.  We  had  separate  tables  that  we  ate  at.  Now  my  daughter  is  completing  her  first 
year  at  Agnes  Scott  College.  She  informed  me  last  week  that  she  and  her  roommate,  who 
happens  to  be  black,  they  were  thrown  together  just  randomly  last  year  as  first  year 
students, had decided that they were going to room together again next year. I asked her
the  reasons  that  they  had  decided  to  live  together  again.  She  said,  "Well,  we  just  get  along 
so  well  together."  She  mentioned  a  couple  of  other  reasons,  but  do  you  know  what  was 
absent?  Color.  She  just  didn't  think  about  it.  You  can  make  progress  when  you  take  a  stand. 
Our  exchange  student,  who  grew  up  in  a  country  where  your  differences  absolutely  defined 
everything about you, now lives in Dallas where a whole community of different races has
embraced her and is teaching her how to accept people who are different from her and who
love  her. 

"To those that would say that this bill is creating a special class of citizen, I would say
...  Who  would  choose  to  be  a  class  of  citizen  or  who  would  choose  to  be  gay  and  risk  the 
alienation  of  your  own  family  and  friends  and  coworkers?  Who  would  choose  to  be  Jewish, 
so  that  they  could  endure  the  kind  of  hatred  over  the  years  that  led  to  the  Holocaust  and  the 
near  extinction  of  the  Jewish  people  on  an  entire  continent?  Who  would  choose  to  be  black 
simply  so  that  their  places  of  worship  could  be  burned  down  or  so  that  they  could  spend  all 
their  days  at  the  back  of  the  line?  We  are  who  we  are  because  God  alone  chose  to  make  us 
that  way.  The  burdens  that  we  bear  and  the  problems  that  we  are  trying  to  correct  with  this 
legislation  are  the  result  of  man's  inhumanity  to  man.  That  is  hardly  trying  to  create  a 
special  class  of  people. 

"To  those  that  would  say  that  we  already  have  laws  to  take  care  of  these  crimes,  I 
would  say  watch  the  repeats  of  yesterday's  debate  on  the  lawmakers.  We  made  passionate 
pleas  on  behalf  of  animal  rights.  We  talked  with  revulsion  about  cats  being  wired  together 
with barbed wire. Surely, surely, Matthew Shepard's being beaten and hung up on a
barbed wire fence and left to die is no less revolting. Surely our fellow man deserves no less
than  our  pets. 

"Hate  crimes  are  different.  When  I  was  a  teenager,  on  more  than  one  water  tank,  I 
painted 'Sr's of '72.' Surely no one in here is going to tell me that the words that are painted
on  walls  that  say  'Kill  the  Jews'  or  a  swastika  or  'Fags  must  die'  or  'Move  the  Niggers  are 
somehow  the  same  as  'Sr's  of  '72.'  Even  today,  those  very  words  make  us  feel  uncomfortable 
and  they  should.  Surely  we  are  not  going  to  equate  a  barroom  brawl  or  a  crime  of  passion 
with a group that decides, with purpose, to get in a car and go beat up blacks or gays or
Jews without even knowing who they are.

"Hate crimes are about sending a message. The cross that was burned in a black
person's yard not so many years ago was a message to black people. The gay person that is
bashed walking down the sidewalk in midtown is a message to gay people. And the Jews
that have endured thousands of years of persecution were all being sent messages over and
over again. I would say to you that now is our turn to send a message. I am not a lawyer; I
don't know how difficult it would be to prosecute this or even care. I don't really care that
anyone is ever prosecuted under this bill. But, I do care that we take this moment in time, in
history, to say that we are going to send a message. The pope is now sending a message of
reconciliation to Jews and people throughout this world. Some of those crimes occurred
2,000 years ago. My wife and I have sent a message to our children that we are all God's
children and that hate is unacceptable in our home. I believe that we must send a message
to people that are filled with hate in this world, that Georgia has no room for hatred within
its  borders.  It  is  a  message  that  we  can  send  to  the  people  of  this  state,  but  it  is  also  a 
message  that  you  have  to  send  to  yourself.  I  ask  you  to  look  within  yourself  and  do  what 
you think is right. I ask you to vote YES on this bill and NO to hate."

Footnote: "A white, married Republican from what he calls an ultraconservative rural
district, Ponder, 45, rose to speak moments after the Georgia House voted 83-82 to SHELVE
a  proposal  to  make  crimes  carry  tougher  penalties  when  they  are  motivated  by  hatred." 

Then,  Rep.  Ponder  gave  the  speech  you  just  read  above.  Republicans  and  Democrats  alike 
gave  Ponder  two  standing  ovations,  then  outlawed  all  hate  crimes  by  a  vote  of  116-49. 

Georgia Gov. Roy Barnes signed the new law at a synagogue scarred by swastika-painting
vandals. (This version received via Internet e-mail. Published on Saturday, June 24, 2000, in
the Pittsburgh Post-Gazette "Hate Crimes & Political Courage: The Speech That Turned
Heads" by Dennis Roddy. See http://www.commondreams.org/views/062400-103.htm.)

Hawthorne Effect

A threat to the acceptance of evaluation results which states that if participants
experiencing the intervention know they are part of an experiment, they will work
especially  hard  at  making  the  experiment  a  success,  and  they  will  out-score  some  other 
group  (IRMC  Measuring  Results  of  Organizational  Performance  Course).  The  Hawthorne 
Effect  resulted  from  an  actual  experiment  in  which  the  amount  of  light  was  increased  in  a 
factory.  Experimenters  did  expect  output  to  increase— which  it  did.  But,  for  control 
purposes,  when  they  then  gradually  reduced  the  light  level  to  where  it  was  originally,  the 
output  continued  to  increase  rather  than  decrease  as  expected.  People  are  not  automatons; 
this  experiment  became  quite  famous.  It  showed  that  psychological  considerations  can 
outweigh  physical  ones.  It  is  the  basis  for  social  psychological  research  methods  (such  as 
in  the  Milgram  experiments  described  in  Obedience  to  Authority)  in  which  the  subjects 
(people  experimented  upon)  must  be  deluded  regarding  the  actual  experiment  or  they 
will  confound  the  results.  Thus,  to  be  effective,  control  groups  must  be  treated  exactly  the 
same as experimental groups (thus, placebos are given to simulate medicines in medical
research).

Like  primitives,  we  are  at  first  wholly  unconscious  of  our  actions,  and  only  discover 
long  afterwards  why  it  was  that  we  acted  in  a  certain  way.  In  the  meantime  we  content 
ourselves  with  all  sorts  of  rationalizations  of  our  behavior,  all  of  them  equally  inadequate. 
196?, p. 342, Pantheon Books, New York,

Health  Insurance  Portability  and  Accountability  Act  (HIPAA)  of  1996 

Establishment of standards/requirements for electronic transmission of
health information; provides criminal penalties (maximum 1 year; $50,000) for
wrongly disclosing or obtaining individually identifiable health information; higher
penalties for commercial usage (IRMC Assuring the Information Infrastructure Course).

Every  day  should  be  passed  as  if  it  were  to  be  our  last.  (Publilius  Syrus,  Maxim  633 
from  Familiar  Quotations  by  John  Bartlett,  Little,  Brown  &  Co.,  Boston,  1968,  p.  126.) 

Helicopter  Principle— see  Level  of  Abstraction 

Referring to Van Lennep Muller from Shell International, the helicopter principle of
human capacity: The height from which the individual is able to survey the work
situation while still metaphysically keeping his feet on the ground. The higher the
... and capacity." (Elliott Jaques, R. O. Gibson,
... of Abstraction in Logic and Human Action: A Theory of Discontinuity in
... Behaviour and Social Organization, Heinemann, London, 1978, p. 2%.)

One beautiful morning, El Greco sat in a room with the curtains tightly drawn. Invited
to go out for a walk, El Greco said, "No, the sunlight would disturb the light that is shining
within me." (Leo Rosten's Carnival of Wit, E. P. Dutton & Co., New York, 1994, p. 53.)

Helper  Applications 

Software applications, running on a workstation, that claim to facilitate
functionality. They are often downloadable from the Internet (e.g., plug-ins)
from various sources, from freeware sites to Microsoft. They have
rights to both the workstation and the network to which it is attached. Thus, they can be
quite dangerous from a security perspective.

road-sweeper  came  by  with  his  brush.  He  was  a  friendly  old  fellow 
Ml  j  Gidding  at  the  Hollies,  got  into  the  habit  all  that  summer  of  taking  him  a  glass  of 
lemonade and a slice of cake. He thanked her shyly, and that was all. But one evening there

-fere,  a 

one hand and a bunch of sweet peas in the other. He seemed embarrassed as he said, "I've
brought you these, ma'am, for your kindness." "Oh, you shouldn't," exclaimed Miss
Gidding, "It was nothing." And then, the road-sweeper said an odd thing. "Well no," he

(From 500 Tales to Tell Again, H. L. Gee, Ed., London Epworth Press, quoted by Jacob

Hierarchical  Storage  Management  (HSM) 

A storage solution. In lieu of adding more disk drives, removing unused files,
and manually migrating to offline storage, HSM migrates data from one media to another
(typically from magnetic disk to archival media) and recalls it when needed. It uses
removable  rotating  media  (floppy  disk),  high-density  floppy  disk  drives  (zip,  EZ,  LS-120, 
HiFD),  and  removable  disk  drives  (Jaz,  Clik!,  Quest,  SparQ)  (IRMC  Data  Management 
Strategies  and  Technologies  Course). 

Those  who  do  not  remember  the  past  are  condemned  to  repeat  it.  (George  Santayana, 
quoted  by  John  D.  Harper  in  "The  Essential  Role  of  Profits,"  quoted  by  Paul  A.  Samuelson 
in  Readings  in  Economics,  Chapter  56,  McGraw-Hill,  1967,  p.  287.) 

History — see ANOVA

1) A threat to acceptance of evaluation results which states that some event or activity
occurring around the period of the intervention produced the gain in performance, not
the intervention (IRMC Measuring Results of Organizational Performance Course). This
situation can be addressed using factor analysis or ANOVA. It results from the fact that
humans are nonlinear. Thus, there is virtually always more than one factor or variable.
Experiments try to limit the intervention (difference between control and experimental
groups) to one variable so that the results can then be immediately attributed to that
variable or intervention.

2) In acquisition the bidding contractors' histories of past performance (within a
designated period) must be included as a major selection criterion.

Those  who  study  history  must  interpret  it  in  a  particular  way.  Otherwise,  they  might 
understand  their  potential  to  repeat  it.  (Jerry  B.  Harvey,  The  Abilene  Paradox  and  Other 
Meditations  on  Management,  Lexington  Books,  Lexington,  MA,  1988,  p.  86.) 

Hoaxes and Myths— see Urban Legends

Many  messages  replicated  over  the  Internet  (especially  via  e-mail)  are  totally  false  and 
untrue— forming a large and growing set of hoaxes. Many "viruses" only exist in people's
minds.  Various  electronic  chain  mail  messages  promise  good  or  bad  luck.  Also,  a  number 
of  "urban  legends"  (stories  that  by  virtue  of  repetition  are  accepted,  erroneously,  as  fact) 
have  appeared.  Some  Web  sites  have  developed  to  debunk  these  artificial  constructs. 
http://www.umich.edu/~wwwitd/virus-busters/hoaxes/phone.html,
http://urbanlegends.miningco.com/; http://www.vmyths.com/myths,
http://www.urbanlegends.about.com/ science /urbanlegends/ cZht/OO/07/How SpotJE
mail Hoax0%2932962.htm: http://www.snopes2.com/. See George Smith's "An
Electronic Pearl Harbor? Not Likely" (Issues in Science and Technology, Fall 1998), Clifford
Stoll's Silicon Snake Oil: Second Thoughts on the Information Superhighway (Doubleday, New
York, 1995), and "Virus Myths" (http://www.kumite.com/myths). But also see Jennifer
RuppeTs "A Cyber Pearl Harbor? The Infrastructure Protection Task Force and other
Government Responses to this Threat" (final paper, Fall 1996, Computers and the Law,
University at Buffalo School of Law) (IRMC Assuring the Information Infrastructure
Course).

I  am  not  a  word-magician  or  a  word-fetishist  who  thinks  he  can  posit  or  call  up  a 
metaphysical reality with his incantation. (C. G. Jung, Letters, Vol. 2, Bollingen Series 95,
1951-61, Gerhard Adler and Aniela Jaffe, Eds., Princeton University Press, Princeton, NJ,
1953-75, p. 260.)

Home RF

Wireless protocol: led by Proxim; based on shared wireless access protocol
(SWAP); intended for home use (LANs); has a 50-meter range; operates at 2.4 GHz (ISM
band); has 1.5 Mbps data rate; has no security such as IEEE 802.11 has; and is, therefore,
vulnerable to hacker war driving (IRMC Managing Networked Security in a Networked
Environment Course).

There  is  no  reason  for  any  individual  to  have  a  computer  in  their  home.  (Ken  Olson, 
president of Digital Equipment Corp., at the Convention of the World Future Society in
Boston, 1977 [received via Internet e-mail and verified in Christopher Cerf and Victor
Navasky,  The  Experts  Speak,  Villard,  NY,  1984,  p.  231].) 

Human  Capital — see  Expertise  Locator 

All  the  expertise,  experience,  capability,  capacity,  creativity,  adaptability,  etc., 
possessed  by  the  individuals  in  an  organization.  It  is  heavily  influenced  by  those 
individuals'  tacit  knowledge.  For  instance,  one  manufacturer  opened  its  factory  to 
visitors, even competitors. When questioned about the risk involved, the president
stated  that  watching  the  processes  would  do  them  no  good  because  the  real  value  lay  in 
the  knowledge  known  only  to  the  employees  on  the  line.  Company  buyouts  have,  thus, 

may  end  in  disaster  if  present  employees  (with  the  requisite  tacit  knowledge)  are  not 
retained.


From  Gary  Hacker's  HR  Metrics  News  consolidated  from  Issues  1-5  (OPM): 


OPM Human Capital Scorecard: http://www.opm.gov/hrmc/2001/msg-112a.htm
3/02. OPM memo of December 7, 2001, announces the development of the Human
Capital  Scorecard. 


Scorecard: http://www.opm.gov/humancapital/scorecard.htm 4/02.
"The Human Capital Scorecard provides a way for agencies to achieve green status on the
Executive  Scorecard  for  human  capital  by  improving  their  management  and  deployment 
of  human  resources." 

Human Resource Management Accountability Clearinghouse:
http://www.opm.gov/account/clrnghse/clrnghse.htm 4/02. "The Human Resources Management (HRM)
Accountability Systems Clearinghouse is a compendium of successful and promising
applications of HRM accountability systems or their components within Federal agencies
and other organizations."

Measurement Forum: http://www.fedscope.opm.gov/hrm 4/02. Beta test of U.S.
Office of Personnel Management/Office of Merit Systems Effectiveness' Measurement
Forum.

Deakin University— Using Data to Improve People Management:
http://www.psmpc.gov.au/bpo/deakinuniversity.htm 3/02. "Deakin's HRS Division
uses  a  range  of  data  to  improve  the  quality  of  people  management  throughout  the 
University." 

Measuring  the  Impact  of  Career  Development  on  an  Organization  by  Ron  Elsdon  and 
Seema Iyer (Sun Microsystems, Inc.) http://www.elsdon.com/case.htm 3/02. "This case
looks at measuring how the organization benefits from investing in employee career
development, and the paradox of how equipping employees with greater self-
determination  enhances  retention." 

Human  Resource  Metrics:  Can  Measures  Be  Strategic  by  John  W.  Boudreau  and  Peter  M. 
Ramstad http://www.ilr.cornell.edu/depts/cahrs/PDFs/WorkingPapers/WP98-10.pdf
5/02. "For metrics to advance beyond simply a large inventory of potentially-useful
indices  with  no  integrating  logic  or  theory,  they  must  be  driven  by  a  strategic  perspective 
that  can  identify  key  measures,  their  necessary  characteristics,  and  the  linkages  necessary 
to  test  and  enhance  their  quality." 

Strategic  Human  Resources  Management  Measures:  Key  Linkages  and  the  People  Vantage 
Model by John W. Boudreau http://www.ilr.cornell.edu/depts/cahrs/PDFs/
WorkingPapers/WP98-28.pdf 4/02. "This article proposes that the key to creating
meaningful HR metrics is to embed them within a model that shows the links between
HR investments and organizational success."

How to Get Your Head Around Measuring Minds by Geoffrey Colvin
http://www.business2.com/articles/mag/print/0,1643,6055,00.html 5/02. "Optimizing
use of the scarce resources is what managers get paid to do, so the smart ones are
clamoring for measures — metrics, as they like to say — that will help."

HR Concepts— Numbers? Yuck! by Mike Deblieux http://www.pil-traonline.org/
pihrascope/0500/dept7.html 12/01. "The days of getting through an HR career without
using  at  least  basic  statistics  to  answer  business  questions  are  numbered." 

Measure the Metrics by Karen Hildebrand
http://www.wetfeet.com/employer/articles/article.asp?aid=465 12/01. "Metrics is a tool for a larger analysis of your
recruiting  effectiveness." 

Metrics  by  Katherine  Lee  http:  /  / startribune.hr.com/hrcom/index.cfm/ weeklyMagZ 
4FR1 B02D-F639-1 1 D4-9AB7009027F0248F  4/02.  "Although  companies  have  been 
developing  a  stronger  backbone  for  using  quantitative  measurements,  or  metrics,  only 
about 1% of HR budgets are being allocated to this venture. Why is there aversion to
numbers?"



Put  Your  Money  Where  Your  Results  Are  by  Audra  Slinkey 
http://www.recruitersnetwork.com/articles/article.cfm?ID=in77 3/02. "The Recruiting
and  Staffing  function  in  any  organization  is  one  of  the  hardest  departments  to  measure 
but  also  the  most  crucial." 

Checklist  of  Possible  Employment  “Metrics”  by  Dr.  John  Sullivan 
http://ourworld.compuserve.com/homepages/gately/ppl5isl7.htm 3/02. "This
checklist  can  be  used  as  an  audit  tool  or  as  a  mechanism  for  identifying  and  continuously 
improving  the  employment  function." 

Develop  an  Employment  Dashboard  and  Index  by  Dr.  John  Sullivan 
http://ourworld.compuserve.com/homepages/gately/pplSisOO.htm (Article #149) 4/02.
(NOTE: To read article, scroll down page and click on article #149) and
http://ourworld.compuserve.com/homepages/gately/pp15s149.htm 6/02. "You can't
improve what you don't measure, so metrics are a crucial element of great recruiting."

HR Effectiveness Metrics by Dr. John Sullivan
http://www.zigonperf.com/resources/pmnews/sullivan_hr_metrics.html 12/01. Measures that can be used to evaluate the
effectiveness  of  an  HR  function. 

Measuring Training Effectiveness/Impact by Dr. John Sullivan
http://ourworld.compuserve.com/homepages/gately/ppl5isl8.htm 5/02. "Training can
be  measured  in  a  variety  of  ways." 

The Incredible Cost of a Bad Hire: Pt 1 & 2 by Dr. Wendell Williams

Mtp:/  /^vww.erexchange.com/articies/db/756E166E2F,20460FBR32F  A7BB751  F.l  FR.a>;p 

k/02;  kttp:/ /www.erexchange.com/articles/db/C5,34()  I  EE8[WF48BE98HAn7C7ABFBHB,SF 
6/m.  "Most  people  don’t  realize  recruiting  costs  are  more  than  the  cost  of  acquisition  or 
cost  of  turnover;  they  are  also  deeply  hidden  in  the  cost  of  variable  productivity.  From  the 
largest  organization  to  the  smallest,  bad  hiring  practices  tend  to  secretly  cripple 
organizations." 

How  to  Measure  White  Collar  Employee  Performance  by  Jack  Zigon 
http://www.zigonperf.com/articles/whitecollar.html 6/02. "This article will give you
several tools for defining performance standards for the hard-to-measure jobs in your
organization."

The 5th Annual HR Measurement 2002 (Presented by IQPC)
http://www.iqpc.com/cgi-bin/templates/100937460331616210937400002/genevent.html?topic=9&event=2033
12/01 (January 30-31, 2002; Orlando, Florida; $1899). "You will learn from innovative
companies who have faced the challenges of defining, measuring, implementing and
improving  HR  metrics  and  have  identified  solutions.  You  will  examine  HR  measurement 
systems  that  reap  the  greatest  rewards  and  see  how  you  can  do  the  same  in  your  own 
organization!" 

6th Annual HR Measurement Summit (Presented by IQPC)
http://www.iqpc.com/cgi-bin/templates/I  ni  432692866470336913900002/genevent.html?topic=9&event=22J6
3/02, 4/02, 5/02, 6/02 (July 22-25, 2002; Chicago, IL; $1899). The conference
theme/emphasis  will  be  on  defining,  measuring,  and  improving  human  resources 
management. 

2003  Performance  Measurement  Conference  (Presented  by  The  Conference  Board) 
http://www.conference-board.org/conferences/conference.cfm?id=326&event=143&view=topics
6/02 (March 27-28, 2003; San Diego, CA; $1875).
"Integrating  measurement  and  management  for  maximum  performance." 

HRC Web page: http://www.hrc.navsea.navy.mil/hrc.html

Human Resources Site: http://www.donhr.navy.mil

Navy/Marine Corps White Pages: http://sdiego.dir.navy.mil/.

Our present-day consciousness is a mere child that is just beginning to say I. (C. G.
Jung, Civilization in Transition, CW10, Princeton University Press, Princeton, NJ, 1964, p.
137.)

Human  Computer  Interface  (HCI) 

HCI  attempts  to  make  computer  work  more  natural  using  the  gamut  of  human  senses. 
It  includes  video  teleconferencing,  speech  recognition  (automatic  speech  recognition  and 
natural  language  processing),  virtual  reality,  and  multimedia  (IRMC  New  World  of  the 
CIO  class). 

http://citeseer.nj.nec.com/HumanComputerInteraction/
http://www.ida.liu.se/~miker/hci/indexl.html.

Sattinger's  Law:  It  works  better  if  you  plug  it  in.  (Quoted  by  Lawrence  J.  Peter  in  The 
Peter  Prescription,  William  Morrow  &  Co.,  New  York,  1972,  p.  115) 


Hyperlink 

An  Internet  address  in  hypertext  markup  language  (HTML),  embedded  in  an 
application,  that  is  recognized  by  the  application  and  can  be  utilized  (via  mouse  clicks)  to 
immediately  access  that  address  or  site.  Hyperlinks  that  are  recognized  by  these 
applications  (Microsoft  Word,  Excel,  PowerPoint,  Netscape,  Web  sites,  or  e-mail 
programs)  are  usually  automatically  colored  blue  and  underlined  by  the  application.  Use 
of  the  particular  hyperlink  frequently  changes  its  color.  World  Wide  Web  sites  frequently 
include  hyperlinks  to  other  places  within  the  site  as  well  as  links  to  other  Web  sites. 
Department  of  the  Navy  Chief  Information  Office  toolkits  (e.g.,  the  knowledge-centric 
organization  and  the  C-Port  or  community  of  practice  CDs)  include  lists  of  relevant  sites 
that  are  included  as  hyperlinks  so  that  users  can  merely  click  on  them  to  be  automatically 
attached  via  their  browser.  Hyperlinks  greatly  facilitate  Web  surfing. 

Whatsoever  thou  resolvest  to  do,  do  it  quickly.  Defer  not  till  evening  what  the  morning 
may  accomplish.  (Sri  Ramatherio,  Unto  Thee  I  Grant,  Supreme  Grand  Lodge  of  Ancient 
Mystical  Order  Rosae  Crucis,  San  Jose,  CA,  1971,  p.  6.) 

Hypermedia

The combination of hypertext and multimedia in an online document (Glossary of
IM/IT & KM Terms).

In  my  own  work,  I  always  hope  to  do  things  differently  tomorrow  in  light  of  what  I 
learn  today.  (Christ  Zois,  Think  Like  a  Shrink,  Warner  Books,  New  York,  1992,  p.  2.) 

Hypertext 

Content  written  or  encoded  in  a  hypertext  format  ("language")  such  as  hypertext 
markup  language  or  extensible  markup  language.  Hyperlinks  are  a  particular  encoding 
within  one  of  these  languages  that  permits  users  to  jump  to  the  specified  location.  Not  all 
hypertext is a hyperlink, however. Content on Web sites is written in a hypertext
language;  hypertext  is  the  nature  of  Web  site  information  and  display. 

The  word  for  us  is  still  a  fetish,  and  we  assume  that  it  produces  the  thing  of  which  it  is 
only  an  image  . . .  Moreover,  superstitious  belief  in  the  power  of  the  word  is  a  serious 
obstacle to our thinking. (C. G. Jung, Letters, Vol. 2, Bollingen Series 95, 1951-61, Gerhard
Adler  and  Aniela  Jaffe,  Eds.,  Princeton  University  Press,  Princeton,  NJ,  1953-75,  p.  710.) 

HyperText Markup Language (HTML)-see Webification and extensible Markup
Language

Presently,  the  primary  language  or  method  of  encoding  entries  accessed  from  Web 
sites  on  the  World  Wide  Web.  Web  pages  are  built  with  html  tags,  or  codes,  embedded  in 
the  text.  Html  defines  the  page  layout,  fonts,  and  graphic  elements  as  well  as  the 
hypertext  links  to  other  documents  on  the  Web.  Each  link  contains  the  URL,  or  address,  of 
a  Web  page  residing  on  any  server  worldwide,  hence  "World  Wide  Web."  Html  is  not  a 
programming language like FORTRAN or Java or C++ (if this, do that); rather it could be
considered a "presentation language." Html is derived from SGML, the standard
generalized  markup  language,  which  is  widely  used  to  publish  documents.  Html 

documents  with  a  fixed  set  of  tags.  HTML  is  generally  equivalent  to 
Static  HTML.  However,  Dynamic  HTML  combines  new  tags  and  options,  style  sheets 
and programming to make Web documents look like desktop multimedia applications. It
provides  an  object-oriented  view  of  Web  pages  and  elements;  cascades  style  sheets,  layers 
contents,  addresses  most  page  elements,  and  provides  dynamic  fonts.  See 
http://www.devx.com/projectcool/developer/default.asp for a demonstration (IRMC
Data  Management  Strategies  and  Technologies  Course). 

Tutorial on how to do HTML: http://www.cwru.edu/help/introHTML
Dynamic HTML: http://developer.netscape.com/openstudio/tech/index_frame.html?content=/tech/dvnhtml/dvnhtml  bfm1

For  the  idiom  of  words  very  little  she  heeded. 

Provided  the  matter  she  drove  at  succeeded. 

She  took  and  gave  languages  just  as  she  needed. 

(Matthew Prior, 1664-1721, Jinny the Just, from The Oxford Dictionary of Quotations,
Oxford University Press, New York, 1980, p. 400, No. 27.)

Hypertext Transfer Protocol (HTTP)

A protocol for exchanging HTML pages and forms. It appears as the prefix (http://) at the start of URLs,
though browsers now supply it automatically without the need for manual entry by the user.

Sometimes you have to get lost to find yourself. (Betsy, The Yogi Book, Yogi Berra,
Workman Publications, New York, 1998, p. 125.)

H-1B Visas

In response to IT staffing difficulties (as predicted by the Hudson Commission),
Congress has considered expanding the issuance of H-1B visas. These visas are aimed at
admitting IT-qualified personnel into the United States in order to ease the present and
predicted staffing problems. Due to supply and demand considerations, various groups
support or oppose such an increase in foreign IT professionals in the United States. See
http://comment.cio.com/sound.cfm?ID=48.

Prejudice  is  a  precious  thing  to  be  treasured.  If  you  don't  guard  against  acquaintance,  it 
may slip through your fingers. (Philadelphia Sunday Bulletin, May 29, 1966, Section 2, p. 1.)

Identification

The  process  an  information  system  uses  to  recognize  an  entity  (user)  to  permit  access 
to  the  system.  It  is  usually  lumped  together  with  authentication  in  the  CIANA 
(confidentiality,  integrity,  availability,  nonrepudiation,  and  authentication)  information 
security  model.  Access  control  is  a  critical  technique  for  protecting  information  systems 
from  malicious  attacks  (especially  by  outsiders).  Many  present  systems  use  passwords  for 
identification  with  the  inherent  risks  of  automated  password  dictionaries,  written  down 
passwords,  forgotten  passwords,  human  engineering  methods  for  obtaining  user 
passwords,  shared  passwords,  lack  of  screensavers  or  auto-logoff  procedures,  etc.  Use  of 
complex  passwords  only  alleviates  some  of  these  risks,  while  actually  exacerbating 
others—the harder it is to remember a password, the more likely that users will
short-circuit them in some way. The Navy is introducing common access cards (CACs) for use
with the Navy/Marine Corps Intranet. CACs are smart cards that can be used to access
computer systems. If temporarily leaving the computer, the user can merely remove the
card—locking the computer (with a blanked screen). Upon return and reinsertion of the
card,  the  computer  returns  to  the  state  in  which  it  was  left.  It  is  also  envisioned  that 
biometric  devices  will  be  incorporated  (and  encrypted  onto  the  CAC)  so  that  passwords 
will  no  longer  be  required  for  identification.  Similarly,  public  key  infrastructure  keys  can 
be  embedded  into  the  CAC.  It  is  also  anticipated  that  CACs  will  become  the  standard  for 
physical identification—granting access to government buildings and activities vice the
multiplicity of badges presently used.

A  man  goes  to  knowledge  as  he  goes  to  war,  wide-awake,  with  fear,  with  respect,  and 
with  absolute  assurance.  Going  to  knowledge  or  going  to  war  in  any  other  manner  is  a 
mistake,  and  whoever  makes  it  will  live  to  regret  his  steps.  (Don  Juan,  quoted  by  Carlos 
Castaneda in The Teachings of Don Juan: A Yaqui Way of Knowledge, Pocket Books, New York,
1976, p. 51.)

Independent  Basic  Service  Set  (IBSS) 

In  wireless  local  area  networks,  a  peer-to-peer  architecture  wherein  each  workstation 
can  communicate  with  every  other  workstation.  See  extended  service  set. 

The first of earthly blessings, independence. (Edward Gibbon, 1737-1794,
Autobiography, p. 176, from The Oxford Dictionary of Quotations, Oxford University Press,
New York, 1980, p. 224, No. 17.)

Index  Number 

A  numerical  score  used  to  represent  performance  that  is  a  weighted  or  average 
composite  of  several  measures  (IRMC  Measuring  Results  of  Organizational  Performance 
Course).  Index  numbers  are  used  in  a  number  of  decision  theory  techniques  though  they 
may  not  be  referred  to  as  such.  Some  metrics  are  composites  of  several  distinct 
measurements. 

Even in the valley of the shadow of death, two plus two do not make six. (Bertrand
Russell, Leo Rosten's Carnival of Wit, E. P. Dutton & Co., New York, 1994, p. 304.)

Infoglut — see Information Overload

West's  3rd  law  of  dynamic  frustration:  The  solution  to  any  problem  is  likely  to  create 
another problem bigger than the one it solves. (Philadelphia Daily News, March 24, 1969, p. 29,
column  6.) 

Information 

Data  arranged  in  meaningful  patterns;  synthesized  data.  Information  tends  to  be  more 
condensed  than  data  so  that  it  takes  less  bandwidth  to  transmit.  Also,  an  appropriate 
knowledge  worker  can  convert  it  to  knowledge.  It  generally  lacks  the  contextual  factors 
(at  least  in  a  readily  usable  form)  and  is  not  immediately  actionable.  Information 
management  attempts  to  provide  information  to  the  right  persons  at  the  right  time  so  that 
it  can  be  easily  converted  to  knowledge  and  appropriately  acted  upon.  IT  can  readily 
assist  in  this  process  if  it  has  been  implemented  in  a  user-friendly  manner.  Thus, 
implementation  is  critical  to  actual  value.  In  metrics,  information  measures  tend  to  be 
output  measures  versus  outcome  measures.  They  are  normally  intermediate  variables, 
which  can  strongly  concern  specific  pieces  or  portions  of  an  enterprise,  but  not  customers, 
users,  and  enterprise  or  organizational  measures  or  metrics.  In  military  parlance,  data 
could  be  considered  tactical,  information  operational,  and  knowledge  strategic  (the  three 
levels  of  warfare).  Several  analogous  models  are  shown  in  the  table  below. 


Models that Parallel Knowledge, Information, and Data (KID)

Models/KID          Knowledge     Information   Data
Levels of warfare   Strategic     Operational   Tactical
DoD architectures   Operational   Systems       Technical
Metrics measures    Systems       Outputs       Outcomes

Information  is  "the  discernment  of  patterns  in  the  world  around  us."  J.  David 
Johnson,  quoted  by  Phil  Irish  (IRMC  Data  Management  Strategies  and  Technologies 
Course). Taken from Johnson's Information Seeking: An Organizational Dilemma, Westport,
CT, Quorum, 1996.

Scholars are seldom wise, being only unaltered people stuffed with thoughts and books.
(Idries Shah, Wisdom of the Idiots, Octagon Press, London, 1969, p. 66.)

Information Assurance (IA)

The set of methods and techniques employed to protect information, including all of
the aspects of CIANA (confidentiality, integrity, availability, nonrepudiation, and
authentication). It also includes preparation for and execution of methods for threat
protection, detection, reaction, and the restoration after attacks. The CIAO is the prime
driver for IA within the enterprise. IA is addressed in the IRMC course Assuring the
Information Infrastructure (AII), as well as in other courses in the NSTISSI 4011
certification program. To join the IA Community Mail List, contact CDR Catherine
Morgan, Joint Staff J6, IA Division, Pentagon 1C826, Washington, DC, 20318-6000, fax
703-614-7814, to receive the IA Digest (Military and government only). High-confidence
networking: http://www.darpa.mil/ito/research/hcn/problems.html#1; overview of
IA: http://www.darpa.mil/iso/ia/iabrief60/canon60x/index.htm; IA infrastructure:
http://www.darpa.mil/iso/ia/ssd/iavnila/index.htm; see A Summary Guide to
Information Assurance: Public Law, Executive Orders, and Policy Documents, 1/29/99 (IRMC
Assuring the Information Infrastructure Course). Also,
http://www.pbs.org/wgbh/pages/frontline/shows/hackers/interviews/schneier.html
(IRMC Developing Enterprise Security Strategies, Guidelines, and Policies Course).

Only the sure of foot can give a hand to him who stumbles. (Kahlil Gibran, "Andrew,"
Jesus the Son of Man, Alfred Knopf, New York, 1962, p. 147.)

Information  Assurance  Red  Team 

Independent  and  focused  threat-based  effort  by  an  interdisciplinary  simulated 
adversary  to  expose  and  exploit  vulnerabilities  as  a  means  to  improve  the  security 
posture  of  information  systems.  This  is  the  third  (highest)  level  of  evaluating  information 
assurance  (IA)  vulnerability— the  one  in  which  the  team  has  no  a  priori  knowledge  of  the 
system.  The  General  Accounting  Office  (GAO)  used  a  red  team  to  test  the  IT 
vulnerabilities  of  the  State  Department  (DoS)  in  1998.  During  this  effort,  GAO  sent  agents 
to  penetrate  the  physical  security  of  DoS  buildings,  hack  into  their  networks,  etc.  By  such 
methods,  user  security  training,  local  area  network  administrator  defenses,  intrusion 
detection,  and  policy  implementation  were  empirically  tested.  Such  attacks  forcibly 
highlight  vulnerabilities  as  well  as  possible  improvements  needed  to  lower  these 
vulnerabilities.  Computer  emergency  response  teams  sometimes  provide  the  capability  of 
IA  red  teams.  It  is  highly  desirable  to  periodically  test  IA  vulnerabilities.  Empirical  testing 
is  the  most  powerful  method  both  technically  and  psychologically.  For  an  interview  on 
red team attacks and hackers see:
http://www.pbs.org/wgbh/pages/frontline/shows/hackers/interviews/rhodes.html
(IRMC Developing Enterprise Security Strategies,
Guidelines,  and  Policies  Course). 

The question is in the answer; the answer is in the question. Is it Jeopardy or is it Tao?
(The film Cookie's Fortune.)

Information Assurance Support Environment (IASE) — see Defense Information
Technology  Security  Certification  and  Accreditation  Process  (DITSCAP) 

A  Web-based  DoD  help  environment  for  information  assurance  professionals.  It 
addresses  several  functional  areas:  ETA,  SABI/MLS,  DITSCAP,  policy,  C&A/ST&E, 
ITSEC  contract,  tools,  and  public  key  infrastructure.  It  provides  detailed  steps  for 
certification  activities  to  support  program  management  offices,  security  staff,  and  onsite 
information  security  system  officers  and  managers.  It  provides  online  assistance, 
automates  processes,  promotes  reuse,  reduces  documentation  requirements,  thus 
reducing the cost of C&A. The site is unclassified but requires NIPRNET (.mil or .gov
e-mail accounts/e-dresses), http://iase.disa.mil/ and IASE@ncr.disa.mil 703-681-IASE
(4273) M-F 0730-1630 (7:30 a.m. to 4:30 p.m.). See system security authorization agreement
generation tool and IASSURE contract (IRMC Developing Enterprise Security Strategies,
Guidelines, and Policies Course). CyberProtect exercise https://iase.disa.mil/ to get CDs
from the Defense Information Systems Agency.

16.  The  previous  people  who  did  a  similar  analysis  did  not  have  a  direct  pipeline  to  the 
wisdom  of  the  ages.  There  is,  therefore,  no  reason  to  believe  their  analysis  over  yours.  There 
is especially no reason to present their analysis as yours. (David Akin, professor, University
of Maryland, "Akin's Laws of Spacecraft Design" [received via Internet e-mail] and
confirmed by Dr. Akin dakin@umd.edu or DAKIN@SSL.UMD.EDU. See
http://spacecraft.ssl.umd.edu/academics/akins_laws.html.)

Information  Density — see  Knowledge  Density  and  Data  Density 

The  percentage  of  information  (vice  data  or  knowledge)  in  a  particular 
communication.  The  three  are  a  zero  sum  game  (i.e.,  the  sum  of  the  three  densities  is  100 
percent,  so  if  one  increases,  another  must  decrease  to  the  same  extent).  Much  human 
communication  today  is  informational  (while  computer  communications  are  generally 
data).  Higher  knowledge  densities  increase  the  ability  of  recipients  to  understand  (since 
context  is  included)  and  act  upon  the  input. 

To  think  justly,  we  must  understand  what  others  mean:  To  know  the  value  of  our 
thoughts we must try their effect on other minds. (William Hazlitt, "On People of Sense,"
The Plain Speaker, 1826, from The International Thesaurus of Quotations, Rhoda Thomas Tripp,
Harper & Row, New York, 1970, p. 93, entry 148, No. 7.)

Information Exchange Requirements (IERs) and Standards (IESs)

Communications requirements, often for tactical units. The infrastructure implemented
to enable them includes tactical data links (TDLs), which include tactical digital
information links (TADILs) implemented on Link 11, Link 16, and Link 22 and the
variable message format (VMF), which are used on different platforms for different types
of transmissions. They use standard data formats such as the U.S. message text format
(USMTF) and TADIL-J (http://www.sfasys.co.uk/fdl/tdlT.htm,
http://www-jta.itsi.disa.mil/jta/jta-v1.0/sect4.html, and
http://www.fas.org/irp/program/disseminate/tadil.htm). The links are tied to NATO standards (see STANAG 5516, TADIL
J Message Standard, 4/30/99 and STANAG 5522 for Link 22), and the latest
implementation  of  Link  16/TADIL-J  (multifunctional  information  distribution  system, 
MIDS)  was  developed  under  an  international  cooperative  development  program  (IRMC 
Advanced  Information  System  Acquisition  Course). 

Alan Watts once said, "You do not go to a restaurant to eat the menu." (Peter Block,
Stewardship, Berrett-Koehler Publications, San Francisco, 1993, p. 210.)

Information  Infrastructure— see  Defense  Information  Infrastructure,  Global  Information 
Grid,  and  National  Information  Infrastructure 

The  set  of  interconnected  and  interdependent  networks  and  systems  (industrial, 
commercial,  governmental,  etc.)  that  create,  distribute,  and  use  information.  It  primarily, 
however,  focuses  on  those  employing  IT  as  a  major  portion  of  their  core  functioning.  The 
Department  of  Defense  further  focuses  on  those  aspects  of  the  information  infrastructure 
that could affect the security of the United States, and the smooth functioning of its
government at all levels, or society as a whole. It encompasses the basic underlying
resources used for information management including supporting data, architecture,
models, technology, metadata, processes, procedures, and standards. The Department of
Commerce Secretary chairs the Information Infrastructure Task Force (IITF):
http://nii.nist.gov/, http://www.ibiblio.org/nii/NII-Task-Force.html and
http://nsi.org/Library/Compsec/nii.txt.

...  falling  streams,  which  hurrying  from  heaven  to  earth,  cared  not  how  they  went,  so  it 
were downwards. (George MacDonald, The Portent, Harper & Row, New York, 1979, pp. 3-4.)

Information  Literacy  (IL) 

Competence  in  information-age  skills  enabling  a  person  to  recognize  when 
information  is  or  is  not  needed  and  how  to  locate,  evaluate,  integrate,  use,  and  effectively 
communicate  information.  The  Department  of  the  Navy  Chief  Information  Officer  has  an 
IL  toolkit  available  on  a  CD  to  approved  parties.  Artificial  intelligence  (AI)  methods  have 
also  been  employed  to  enhance  a  seeker's  ability  to  locate  information.  For  example,  the 
knowledge-centric  organization  toolkit  version  2.0  incorporates  a  case-based  reasoning 
tool  to  help  users  find  items  of  interest  on  the  CD.  Commercial  vendors  sell  numerous 
tools  to  assist  in  similar  searches  beyond  the  standard  keyword  searches  provided,  for 
instance,  by  Microsoft  Windows  Explorer. 

People  who  think  they  know  everything  are  particularly  aggravating  to  those  of  us  who 
do.  (Poster) 

Information  Management  (IM);  Corporate  Information  Management 

The  creation,  use,  sharing,  and  disposition  of  information  as  a  resource  critical  to  the 
effective  and  efficient  operation  of  functional  activities.  The  structuring  of  functional 
processes  to  produce  and  control  the  use  of  data  and  information  within  functional 
activities,  information  systems,  and  computing  and  communications  infrastructures 
(DoDD  8000.1).  IM  depends  not  only  upon  IT  but  also  upon  humans.  As  Thomas 
Davenport  points  out  in  "Saving  IT's  Soul:  Human-Centered  Information  Management" 
(Harvard  Business  Review,  94203),  "Most  of  the  information  in  organizations— and  most  of 
the  information  people  really  care  about — isn't  on  computers.  Managers  prefer  to  get 
information  from  people  rather  than  computers,  people  add  value  to  raw  information  by 
interpreting  it  and  adding  context.  The  more  complex  and  detailed  an  IM  approach,  the 
less  likely  it  is  to  change  anyone's  behavior  . . .  Grand  IT  schemes  that  don't  match  what 
rank-and-file  users  want  simply  won't  work"  (IRMC  Data  Management  Strategies  and 
Technologies  Course).  See  Information  Management  (IM)  Strategic  Plan:  Information 
Superiority (version 2.0, DoD CIO, October 1999) and
http://www.c3i.osd.mil/org/cio/doddos.html
for links to component chief information officer sites and IM plans (IRMC
Measuring Results of Organizational Performance Course). DoDD 8000.1 (October 27,
1992), Defense IM Program, includes process improvement, information resources
management, and supporting IT and services; security, integrity, and survivability are part of the
Department of Defense mission and all functional processes, with security commensurate
with risk and potential harm. The Assistant Secretary of Defense (Command, Control,
Communications and Intelligence) has cognizance (IRMC Assuring the Information
Infrastructure Course).


Society for Information Management: http://www.simnet.org/

About Information Management: http://www.findarticles.com/cf_dls/m0BLB/2_23/61298114/p1/article.jhtml

Advanced Information Management: http://www.aim-sw.net/.


The  question  of  communication  is  not  the  mere  fact  of  communication,  but  the  creation 
of new understanding. (Stewart Edward White, The Unobstructed Universe, E. P. Dutton &
Co., New York, 1945, p. 256.)

Information  Map — see  Knowledge  Networks  and  Information  Management 

A  system  (usually  IT)  that  provides  the  location  and  availability  of  the  most  widely 
used  information  such  as  IBM's  "Catalog  of  Information"  (e.g.,  hands-on  network 
environment  or  HONE).  Some  organizations  have  yellow  pages  to  allow  people  to  locate 
needed  knowledge,  information,  and  data  as  required.  Organizations  can  also  provide 
domain  specific  products  to  help  locate  information  (e.g.,  IBM's  "Guide  to  Market 
Information"). Hallmark established "information guides" to translate between
information  users  and  the  IT  staff  (IRMC  Data  Management  Strategies  and  Technologies 
Course).  Knowledge  networks  connect  knowledgeable  people  within  an  organization. 

Maybe  everyone  carries  a  plan  inside,  but  it's  a  faded  map  that's  hard  to  read  and  that's 
why  we  wander  around  so  and  sometimes  get  lost.  (Isabel  Allende,  The  Infinite  Plan,  Harper 
Collins,  New  York,  1991,  p.  379.) 

Information Operations (IO) — see DoDD S-3600.1, Information Operations, December 9,
1996 (SECRET/NOFORN)

Those  actions  taken  to  affect  an  adversary's  information  and  information  systems 
while defending one's own information and information systems (JP 1-02). Information
operations  also  include  actions  taken  in  a  noncombat  or  ambiguous  situation  to  protect 
one's  own  information  and  information  systems  as  well  as  those  taken  to  influence  target 
information  and  information  systems  (JV  2020).  Such  operations  include  computer 
network  attack  (CNA)  and  computer  network  defense  (CND)  as  well  as  other  information 
assurance (IA) activities and counter-deception. One challenge for IO is integrating it into
more  traditional  military  operations. 

See Daniel Kuehl's "Defining Information Power" (Strategic Forum Series, National
Defense University Press, June 1997, No. 115,
http://www.ndu.edu/inss/strforum/forum115.html). Offensive IO (OIO) has the greatest impact during peace or during
early stages of a crisis; Defensive IO (DIO) consists of protect-detect-restore-respond
(PDRR) functions. Defensive Information Operations (CJCSI 6510.01B, change 1 of August 26,
1988) addresses computer incident response teams/computer emergency response teams,
the Defense Information Systems Agency's Global Operations and Security Centers
(GOSCs), information assurance vulnerability alerts (IAVAs), automated system security
incident support team (ASSIST), and their reporting chains and relationships. Joint
Doctrine for Information Operations (Joint Pub. 3-13 of October 9, 1998) codifies for the
warfighter how IO will serve as an integral part of all military operations and its links to
the Crisis Action Planning Process (CAPP), the Joint Operations Planning and Execution
System (JOPES), and the Joint OPORD/CONPLAN/OPLAN of any joint force. General
Gordon Sullivan, former Army Chief of Staff, noted that in the 21st century "Information is
the currency of victory on the battlefield" (IRMC Assuring the Information Infrastructure
Course).


Wise  men  profit  more  from  fools  than  fools  from  wise  men;  for  the  wise  men  shun  the 
mistakes  of  fools,  but  fools  do  not  imitate  the  successes  of  the  wise.  (Marcus  Porcius  Cato, 
the  Elder,  234-149  B.C.,  from  Plutarch's  Lives,  Cato,  Section  8,  from  Familiar  Quotations  by 
John  Bartlett,  Little,  Brown  &  Co.,  Boston,  1968,  p.  107.) 

Information  (and/or  Data)  Overload  (Infoglut) 

"Society  will  face  a  deluge  of  data  within  50  years."  Richard  Meier,  1962. 

"Information  is  cheaper,  faster,  and  denser  than  ever  before."  David  Schenk,  1997. 

"We  have  transformed  information  into  a  form  of  garbage."  Neil  Postman,  Ph.D. 
"Gartner  Group  estimates  that  'infoglut'  will  become  a  mission-critical  crisis  by  1999." 
PR  Newswire,  December  16, 1996. 

Data  overload  is  90  percent  self-inflicted  and  only  10  percent  externally  inflicted. 

In  1996  Reuters  Business  Information  Group  surveyed  1,300  mid-level  managers 
around  the  world  and  found  that  40  percent  reported  physical  illness  due  to  infoglut,  50 
percent  didn't  use  all  of  the  information  available  to  them  in  making  decisions,  and  30 
percent  wanted  more  information. 

Gartner  Group  estimates  that  only  10  percent  of  information  is  ever  analyzed. 

Don  Keough,  past  president  of  Coca  Cola,  said  that  "Whoever  has  the  information  the 
fastest  and  uses  it:  wins." 

"The  reason  to  collect  data  is  to  reduce  uncertainty,"  but  too  much  increases 
uncertainty  and  frustration,  decreases  altruism,  impairs  decision  making,  creates 
overconfidence,  and  causes  physiological  effects. 

The  effects  of  data  overload  are:  attention  deficit,  confusion,  increased  uncertainty. 
"Disconcertingly,  it  is  possible  that  people  will  become  so  overloaded  with 
information  they  will  'escape,'  turning  to  demagogues  who  offer  simple  solutions  to 
increasingly complex problems." Johnson, 1996. [from the IRMC Data Management
Strategies and Technologies Course, February 14-18, 2000, Phil Irish, irishp@ndu.edu].

There  has  been  more  information  produced  in  the  past  30  years  than  during  the 
previous  5,000.  (Richard  S.  Wurman,  Information  Anxiety,  quoted  by  Price  Pritchett,  The 
Employee Handbook of New Work Habits for a Radically Changing World, Pritchett & Associates,
Dallas, TX, 1994, p. 20.)

Information  Resources  Management  (IRM) 

A  predecessor  term  to  IT.  Thus,  under  the  Defense  Acquisition  Workforce 
Improvement  Act,  the  communications  and  computers  specialty  area  abbreviation  is  IRM. 
Automated  information  systems  (AIS)  and  automated  data  processing  (ADP)  are  also 
predecessor terms. Prior to consolidation of DoD 5000 and DoD 8000 series documents,
the Major Automated Information System Review Council (MAISRC) reviewed major
AIS  programs. 

The  process  of  managing  information  resources  to  accomplish  agency  mission.  The 
term  encompasses  both  information  itself  and  the  related  resources,  such  as  personnel, 
equipment, funds, and IT (OMB Circular A-130) (IRMC Data Management Strategies and
Technologies  Course). 

The  IRM  Program  (DoDD  7740.1,  June  20, 1983)  implements  the  Paperwork  Reduction 
Act,  with  the  Assistant  Secretary  of  Defense  (Comptroller)  having  oversight  (IRMC 
Assuring  the  Information  Infrastructure  Course). 

Brooks'  Law:  If  software  is  late,  by  putting  more  people  on  it,  you  can  make  it  even 
later.  (Fred  Brooks,  The  Mythical  Man-Month,  Addison-Wesley,  Reading,  MA,  1975.) 

Information Resources Management College (IRMC), http://www.ndu.edu/irmc/

IRMC  is  the  DoD's  college  for  IT  and  related  studies.  It  is  part  of  the  National  Defense 
University  (NDU).  IRMC  offers  a  chief  information  officer  (CIO)  certificate  program  and 
an NSTISSI 4011 certification program. A considerable portion of this
pocket encyclopedia was drawn from the experience and materials of ten courses taken
at IRMC, which resulted in the attainment of the two certificates. These include:

AII: Assuring the Information Infrastructure (NSTISSI required course, former CIO
primary  course) 

CST:  Critical  Information  Systems  Technologies  (NSTISSI  required  course,  CIO 
primary  course) 

DMS:  Data  Management  Strategies  and  Technologies  (CIO  primary  course) 

ESS: Developing Enterprise Security Strategies, Guidelines, and Policies (NSTISSI
required  course) 

IRM303:  Advanced  Information  System  Acquisition  (also  applicable  to  DAWIA  IRM 
certification) 

Leadership for the 21st Century (CIO primary course)

MOP:  Measuring  Results  Of  Organizational  Performance  (required  for  CIO  certificate) 

NWC:  New  World  of  the  CIO  (required  survey  course  of  the  10  federal  CIO 
competencies) 

SAM301:  Advanced  Software  Acquisition  Management  (CIO  elective  course) 

SEC:  Managing  Information  Security  in  a  Networked  Environment  (CIO  primary 
course, NSTISSI required).

Human history becomes more and more a race between education and catastrophe. (H.
G. Wells, quoted by Karen Goertzel, January 17, 1996, wangfed.com.)

National Defense University Library: http://www.ndu.edu/library/library.html

National Defense University home page: http://www.ndu.edu.

Information  Security  (IS)  (INFOSEC) — see  Defense  Information  Systems  Agency 

The  process  of  protecting  information  (systems)  from  misuse  or  unauthorized  use. 

GAO  compiled  industry  best  practices  in  IS  in  their  Executive  Guide  to  Information  Security 
Management: Learning from Leading Organizations (GAO/AIMD-98-21 Exposure Draft,
November 1997). See "defense in depth" above. Essential elements of good IS (according
to the Government Accounting Office) include: a central management focal point, a
routine process for assessing risks, a comprehensive and current set of written policies,
adequate security awareness among employees, effective monitoring and evaluation
of policies and controls, and an adequate IS plan (IRMC Managing Networked Security in
a Networked Environment Course). See Defense Appropriations Act (P. L. 106-65,
October 5, 1999, subtitle E — Information Security, Section 1041-5) and DoD Information
Security Program (DoDD 5200.1, June 7, 1982, as updated through April 15, 1994, via
change 2); Information Security Program Regulation (DoD 5200.1-R change 1 of June 27,
1988) (IRMC Assuring the Information Infrastructure Course). The three pillars of
INFOSEC:  provide  a  means  for  calibrating  the  degree  of  risk  associated  with  valuable 
information  and  processes;  define  a  set  of  controls  for  assessing  and  compensating  for 
weaknesses  in  each  layer  of  technology  and  the  associated  procedures;  assist  the 
enterprise  in  categorizing  the  nature  of  the  threat  facing  it. 

There  are  numerous  techniques  for  increasing  personnel  sensitivity  to  INFOSEC  issues 
and  improving  an  organization's  posture  including:  vulnerability  demos,  risk 
assessments,  audits,  illegal  software  checks,  establishing  a  management  oversight 
committee,  penalties  for  violations,  amnesty  day  for  violators  who  wish  technical 
assistance to become compliant, annual INFOSEC Day, employee signatures on
statements of policy and compliance, articles for in-house periodicals, add items to help
screens, software disk with self-help and assessment, CyberProtect "game," public key
infrastructure, on-screen security banners, trinkets (coffee mugs/mouse pads/
coasters/air fresheners). The NIST special publication Self-Assessment Guide for IT Systems
(800-XX, March 9, 2001) provides a method to assess IT security programs and establish
targets for improvement using an extensive questionnaire with specific control objectives
(301-975-3293, marianne.swanson@nist.gov) (IRMC Developing Enterprise Security
Strategies,  Guidelines,  and  Policies  Course). 

Why  does  a  man  have  two  ears  and  one  mouth?  ...  so  that  he  can  listen  twice  as  much  as 
he talks. (Gina Cerminara, Many Lives, Many Loves, William Sloan Associates Publishers,
New York, 1963, p. 143.)

AllNet InfoSec Internet Protection Services: http://all.net/
Internet Security Systems Internet Scanner: http://iss.net/
Computer Security Institute (CSI): http://www.gocsi.com
National Computer Security Association (NCSA): http://www.ncsa.com
http://iweb.nosc.mil/services/security/html/person~l.html
FAQs: http://www.vtcif.telstra.com.au/info/security.html
http://www.alw.nih.gov/Security
http://www.fish.com/satan
Network Security Institute (NSI): http://www.nsi.org/compsec.html
http://www.netsurf.com/nsf/v01/01/nsf.01.01.html
http://www.whitehats.com/
Misc: http://www.alw.nih.gov/Security/security-docs.html
Computer Security Institute: http://www.gocsi.com
Computer Security News Daily: http://www.mountainwave.com
DoD Security Institute: http://www.dtic.mil/dodsi/bulletin.html replaced by the
DSS Academy: http://www.dss.mil/training/
Navy INFOSEC site: https://infosec.navy.mil/.

Information  Security  Analysis  Center  (ISAC)— see  Presidential  Decision  Directive  (PDD) 
63 

Organization set up in accordance with PDD-63 that acts similar to an early warning
computer  emergency  response  team  by  sharing  information  security  information  among 
industry  and  government  (IRMC  Developing  Enterprise  Security  Strategies,  Guidelines, 
and  Policies  Course). 

Presidential  Decision  Directive  63  (PDD-63): 
http://www.fas.org/irp/offdocs/pdd/index.html.

I  am  sick  and  tired  of  war.  Its  glory  is  all  moonshine.  Only  those  who  have  never  fired  a 
shot  nor  heard  the  shrieks  and  groans  of  the  wounded  cry  aloud  for  blood,  more  vengeance, 
more destruction. War is Hell. (William Tecumseh Sherman, Leo Rosten's Carnival of Wit, E.
P. Dutton & Co., New York, 1994, p. 499.)

Information  Superiority  (IS) — cf.  Knowledge  Superiority 

The  capability  to  collect,  process,  and  disseminate  an  uninterrupted  flow  of 
information while exploiting or denying an adversary's ability to do the same (JP 1-02).
Information  superiority  is  achieved  in  a  noncombat  situation  or  one  in  which  there  are  no 
clearly  defined  adversaries  when  friendly  forces  have  the  information  necessary  to 
achieve  operational  objectives  (JV  2020).  That  degree  of  dominance  in  the  info-domain 
which  allows  friendly  forces  the  ability  to  collect,  control,  exploit,  and  defend  info  without 
effective  opposition  (AFDD  2-5,  USAF,  1998).  IS  is  a  key  enabler  of  victory,  but  it  is 
transitory  in  nature  and  must  be  created  and  sustained  by  the  joint  force  through  the 
conduct  of  information  operations;  information  superiority  is  not  an  end  unto  itself. 

Change  is  a  matter  of  personal  responsibility,  not  a  response  to  the  expectations  of  those 
above or below us. (Peter Block, Stewardship, Berrett-Koehler Publications, San Francisco,
1993, p. 229.)

Information  System  (IS) 

(1)  The  entire  infrastructure,  organization,  personnel,  software,  and  components  that 
collect, process, store, transmit, display, disseminate, and act on information (Glossary of
IM/IT  &  KM  Terms).  Part  of  the  global  information  grid  (GIG)  or  defense  information 
infrastructure  (DII). 

(2)  A  discrete  set  of  information  resources  organized  for  the  collection,  processing, 
maintenance,  transmission,  and  dissemination  of  information,  in  accordance  with  defined 
procedures, whether automated or manual (OMB Circular A-130) (IRMC Data
Management  Strategies  and  Technologies  Course). 

Reality is for people who can't handle science fiction. (Quoted by Tom Zmudzinski,
Defense Information Systems Agency, January 18, 1996.)

Information  System  Integration  (IS  Integration) 

The  process  of  transitioning  numbers  of  legacy  systems  into  an  integrated  system 
(usually  making  the  resulting  system  interoperable  with  the  larger  environment).  The 
process  includes  conducting  business  process  reengineering  (government  reinvention)  to 
determine  the  need  for  process  or  system  redesign,  consolidation,  or  elimination.  It  results 
in  a  major  reduction  in  separate  applications  and  operating  and  maintenance  costs.  It  also 
involves  the  analysis  of  contractor  off-the-shelf  alternatives,  further  emphasizing 
standardization  and  rationalization.  Present  efforts  by  Task  Force  Web  and  program 
executive officer for IT (PEO-IT) (for the Navy/Marine Corps Intranet) necessitate such
application  analyses  and  consolidation. 

Only  those  who  start  with  skepticism  can  open  themselves  to  true  adventure.  (David 
Brin,  Heaven's  Reach,  Bantam  Books,  New  York,  1998,  p.  53.) 

INFOrmation  systems  SECurity  (INFOSEC) 

The  protection  of  information  systems  against  unauthorized  access  to  or  modification 
of  information,  whether  in  storage,  processing,  or  transit,  against  the  denial  of  service  to 
authorized  users  or  the  provision  of  service  to  unauthorized  users,  including  those 
measures necessary to detect, document, and counter such threats (Glossary of IM/IT & KM
Terms). INFOSEC includes those efforts employed in information assurance. See John
Egan's "Information Security Threats to Software Intensive Systems" (1997 Software
Technology Conference, April 27-May 2, 1997) (IRMC Advanced Software Acquisition
Management  Course). 

Many years ago, when I worked as a volunteer at a hospital, I got to know a little girl
named Liz who was suffering from a rare and serious disease. Her only chance of recovery
appeared to be a blood transfusion from her 5-year old brother, who had miraculously
survived the same disease and had developed the antibodies needed to combat the illness.
The doctor explained the situation to her little brother, and asked the little boy if he would
be willing to give his blood to his sister. I saw him hesitate for only a moment before taking
a deep breath and saying, "Yes, I'll do it if it will save her." As the transfusion progressed,
he lay in bed next to his sister and smiled, as we all did, seeing the color returning to her
cheeks. Then his face grew pale and his smile faded. He looked up at the doctor and asked
with a trembling voice, "Will I start to die right away?" Being young, the little boy had
misunderstood the doctor; he thought he was going to have to give his sister all of his blood
in order to save her. (Received via Internet e-mail; this is an Urban Legend. See
http://www.snopes2.com/ or Jack Canfield and Mark Victor Hansen. Chicken Soup for the
Soul. Deerfield Beach, FL: Health Communications, 1993. ISBN 1-55874-291-3 (pp. 27-28).)

INFOSEC Assessment Methodology (IAM) — see Audit and Presidential Decision
Directive  63 

The  National  Security  Agency's  method  of  assessing  the  security  posture  of  an 
enterprise.  It  attempts  to  identify  vulnerabilities  and  to  recommend  elimination  or 
mitigation  of  them.  It  uses  no  hands-on  testing;  is  conducted  by  request  only;  requires 
management  buy-in;  depends  on  cooperation  of  people;  is  conducted  on  a  nonattribution 
basis; and treats findings as proprietary. It provides system owners with a level of
confidence regarding the security of sensitive but unclassified information per federal
law. IAM helps determine what information is critical to the organization, what system
processes store/transmit that critical information, what information systems security
(INFOSEC)  posture  to  take,  what  the  potential  vulnerabilities  are,  and  what  solutions  can 
be  used  to  mitigate  or  eliminate  these  vulnerabilities.  It  involves  three  phases: 
preassessment  (to  refine  customer  needs,  gain  an  understanding  of  the  criticality  of 
customer  information;  identify  system  and  its  boundaries;  coordinate  logistics  with  the 
customer,  and  write  an  assessment  plan),  on-site  activities  (to  explore  and  confirm  the 
information  and  conclusions  made  during  phase  one;  to  perform  data  gathering  and 
validation  via  interviews,  documentation,  and  system  demonstrations;  and  to  provide 
initial  analysis  and  feedback  to  the  customer),  and  post-assessment  (to  finalize  analysis 
and  prepare  and  coordinate  the  final  report). 

The  assessment  team  includes  the  team  lead,  one  or  two  other  team  members,  and  a 
customer  team  member  supported  by  customer  representatives  (upper-level  manager, 
functional area representatives, senior system manager, and senior INFOSEC manager).
The timeline includes: preassessment visit (1-2 days), preassessment (2-4 weeks), on-site
visit (1-2 weeks), and post-assessment period (2-8 weeks). The preassessment phase is
essential  to  manage  customer  expectations  and  to  understand  customer  needs;  a  shared 
understanding  of  the  scope  and  level  of  detail  (abstraction)  must  be  achieved.  A  criticality 
matrix  should  be  constructed  with  the  various  types  of  information  used  by  the 
organization  versus  CIANA  (confidentiality,  integrity,  availability,  nonrepudiation,  and 
authentication)  requirements.  The  matrix  is  filled  with  high,  medium,  or  low  impact  (i.e., 
H, M, or L is placed in each block/cell as appropriate). Interviews during the on-site visit
should  last  one  half  hour  to  2  hours;  interviewees  may  ask  the  interviewers  (two  are 
recommended)  for  copies  of  their  notes  from  the  interview. 

It  is  important  to  capture  both  official  and  unofficial  procedures.  Baseline  information 
categories  include:  INFOSEC  documentation,  INFOSEC  roles  and  responsibilities, 
identification  and  authentication,  account  management,  session  control,  external 
connectivity,  telecommunications,  auditing,  virus  protection,  contingency  planning, 
maintenance, configuration management, backups, labeling, media sanitization/disposal,
physical  environment,  personnel  security,  training  and  awareness,  encryption/public  key 
infrastructure.  Documentation  should  include:  policy,  guidelines  and  requirements, 
system  security  plans  (SSPs),  standard  operating  procedures  (SOP),  and  user  system 
security  manuals.  Senior  security  officials  include:  designated  approval  authority,  critical 
infrastructure  assurance  officer,  chief  information  officer,  chief  information  security 
officer,  information  system  security  manager,  and  information  system  security  officer. 

The  on-site  visit  includes  both  in-brief  and  out-brief  of  initial  findings  (IRMC  Developing 
Enterprise  Security  Strategies,  Guidelines,  and  Policies  Course). 

Present  suffering  is  not  enjoyable,  but  life  would  be  worth  little  without  it.  The 
difference  between  iron  and  steel  is  fire,  but  steel  is  worth  all  it  costs.  Iron  ore  may  think 
itself  senselessly  tortured  in  the  furnace,  but  when  the  watch  spring  looks  back,  it  knows 
better. (Rufus Babcock, quoted by Jacob Braude in New Treasury of Stories for Every Speaking
and Writing Occasion, Prentice Hall, Inc., Englewood Cliffs, NJ, June 1961, p. 17.)

Information Technology (IT) — see Software

Computer  hardware  and  software  used  in  the  acquisition,  storage,  manipulation, 
management,  movement,  control,  display,  switching,  interchange,  transmission,  or 
reception  of  knowledge,  information,  or  data.  IT  includes  computers,  ancillary 
equipment,  software,  firmware,  networks  and  systems,  services  (including  support 
services), and related resources. In accordance with the principles of acquisition reform,
IT today is primarily contractor off-the-shelf (COTS) with some tailoring. Generally, the
rule  of  thumb  is  that  the  build  or  buy  break  point  is  80  percent  COTS  and  20  percent 
tailoring.  Thus,  projects  should  plan  for  0-10  percent  tailoring  to  allow  for  unanticipated 
growth  in  tailoring  or  new  code.  The  Navy  and  Marine  Corps  Intranet,  for  instance,  has 
used  acquisition  reform  imperatives  toward  performance  versus  design  specifications  by 
awarding  a  large  seat  management  contract.  In  seat  management,  the  purchaser  contracts 
for  a  number  of  seats  with  specified  performance  and  support.  In  addition,  the  contractor 
may  have  a  technology  refresh  cycle  requiring  that  performance  be  upgraded  on  a  regular 
basis  to  match  a  standard  or  benchmark.  The  purchaser  does  not  own  the  equipment, 
software,  or  even  the  connectivity  (wires,  local  area  networks,  etc.). 

With  advances  in  equipment,  quantity  discounts,  and  other  areas,  software  has 
become the driver for both IT costs and performance. While innumerable vendor
solutions abound, many are only partial solutions such that implementing them across an
enterprise becomes a major challenge to a CIO. An "IT Management Planning Tool" CD-ROM
developed by (and available from) the Department of Commerce is a self-guided,
step-by-step assessment of a company's IT use and helps with IT-related investment
improvements. It includes a video on IT benefits, a users' manual, and Web links
(Leadership for the New Millennium: Delivering On Digital Progress and Prosperity, 3rd annual
report of the U.S. Government Working Group on Electronic Commerce, January 16,
2001). IT includes automated digital processing (ADP) as defined in Section 111(a)(2) of
the Federal Property and Administrative Services Act of 1949; however, OMB Circular A-130
excludes certain critical national security missions defined in 44 U.S.C. 3502(2) and 10
U.S.C.  2315  (IRMC  Data  Management  Strategies  and  Technologies  Course).  According  to 
Wiley's  The  Healthy  Software  Project  (1995),  IT  projects  fail  for  a  number  of  reasons. 


Why IT Projects Fail

Reason                     %      Litigation time      %
Inadequate resources       69     Up to a year         60
Unrealistic deadlines      67     Up to two years      20
Unclear direction          63     Up to eight years    20
Uncommitted team           59
Insufficient planning      56
Changes in direction       42
Conflict between teams     35

Main  problem  areas  include:  cost  and  schedule  estimation  (incomplete  or  inaccurate 
estimates,  misrepresented  contractor  capabilities,  poor  historical  data,  poor  timing,  poor 
use of models), reuse/COTS (unable to integrate, dysfunctional reuse code, unavailable
code, insufficient planning, contractor relationships, dangerous assumptions, plan to use
as-is), contractor capability (insufficient experience in the domain, organizational interface
problems, poor testing (staff, plan, or consensus), geographic separation, incomplete
source selection considerations, resource loading mismatch, incomplete life-cycle
development planning), risk management (inadequate planning and implementation,
poor mitigation strategies, poor risk tracking, lack of commitment to risk management),
requirements management (ambiguous requirements, uncoordinated requirements with
stakeholders, insufficient change control, poor cost/benefit analyses, poor criticality
analyses, poor coordination among designers, developers, and testers), and test methods
or processes (domain knowledge deficiencies, poor test planning, insufficient software
quality involvement, insufficiently comprehensive planning/testing). Warning signs:
proposed reuse rate, large delta between bids, immature risk and development
plans, no reuse plan, personnel instability (>10 percent per year turnover), high defect
density (>4 defects per 1,000 source lines of code (SLOC)) and high requirements
instability. People + Process + Technology model and a life-cycle mentality; people
burn-in (IRMC Advanced Software Acquisition Management Course),
http://www.microsoft.com/indonesia/enterprise/itadvisor.html:

Military Information Technology online: http://www.mit-kmi.com/ and Chips
Magazine published by the DON CIO and SPAWAR: http://www.chips.navy.mil/.


The  art  of  progress  is  to  preserve  order  amid  change,  and  to  preserve  change  amid 
order. (Alfred North Whitehead, Process and Reality, quoted by Jacob Braude in New
Treasury of Stories for Every Speaking and Writing Occasion, Prentice Hall, Inc., Englewood
Cliffs, NJ, June 1961, p. sil.)

Information Technology Architecture (ITA) — see Architecture Framework and C4ISR
Integration Support Activity

The ITA is described in the Chief Information Officer (CIO) Guidance for ITAs,
Development,  Maintenance,  and  Implementation  of  Agency  ITAs  (Memorandum  M-97-16,  June 
18, 1997),  promulgated  by  Franklin  D.  Raines,  Office  of  Management  and  Budget  (OMB). 
This  memo  transmits  guidance  to  federal  agencies  on  the  development  and 
implementation  of  ITAs,  and  describes  how  ITAs  increase  interoperability  and  reduce 
redundancy.  It  refers  to  the  Clinger-Cohen  Act  and  OMB  Memorandum  97-02,  Funding 
Information  Systems  Investments,  and  OMB  Circular  A-130.  An  ITA  is  defined  as  including 
an  enterprise  architecture  and  a  technical  reference  model  with  standards  profiles.  The 
enterprise architecture should reflect an agency's balance between centralization and
decentralization.  The  guidance  adopts  the  five-component  model  of  National  Institute  of 
Standards  and  Technology  Special  Publication  500-167,  Information  Management  Directions: 
the  Integration  Challenge,  but  agencies  are  permitted  to  identify  different  components  as 
appropriate.  Components  include:  business  processes,  information  flows  and 
relationships,  applications,  data  descriptions,  and  technology  infrastructure.  See 
architecture framework for the Department of Defense (DoD) implementation via the C4ISR
(Command, Control, Communications, Computers, Intelligence, Surveillance, and
Reconnaissance) Architecture Framework; (IRMC New World of the CIO Course) and the
Federal Enterprise Architecture Framework (version 1.1, February 1999 draft), by the
subgroup of the CIO Council http://www.itpolicy.gsa.gov/mke/archplus/cmodel.htm.
However, it states (p. 9) that "research indicates that only 20 percent of an enterprise
architecture  is  strategically  valuable"  (IRMC  Data  Management  Strategies  and 
Technologies  Course).  Waivers  can  be  obtained  for  legacy  systems  if  compliance  requires 
funding.  ITA  implementation  requires  meeting  Clinger-Cohen  Act  goals  and  instituting 
change  management,  legacy  systems  integration,  IT  personnel  planning,  and  compliance 
certification  (IRMC  Advanced  Information  System  Acquisition  Course). 

Information Technology: Enterprise Architecture Use Across the Federal Government Can Be
Improved. GAO-02-6, February 19, 2002, http://www.gao.gov/new.items/d026.pdf (184
pp.). Executive Office of the President: Analysis of EOP's 1999 Information Technology
Architecture Update and Capital Investment Plan Report. AIMD-00-63R (16 pp.), February 4,
2000, http://archive.gao.gov/f0302/163215.pdf;
http://www.whitehouse.gov/omb/memoranda/m97-16.html M-97-16.

There  is,  I  have  been  taught,  all  the  difference  in  the  world  between  the  desire  and  the 
act. The one is written on water, the other carved in stone. (Lawrence Block, Even the Wicked,
William Morrow & Co., NY, 1997, p. 131.)

Information  Technology  Governance— see  Control  objectives  for  Information  and 
related  Technology  (CobIT) 

A structure of relationships and processes to direct and control the enterprise in order
to  achieve  the  enterprise's  goals  by  adding  value  while  balancing  risk  versus  return  over 
information  technology  (IT)  and  its  processes.  CobIT  includes  an  IT  governance  maturity 
model  similar  to  the  capability  maturity  model  (CMM)  with  six  levels:  0,  nonexistent;  1, 
initial or ad hoc; 2, repeatable but intuitive; 3, defined process; 4, managed and
measurable; and 5, optimized. It also delineates a number of critical success factors, key
goal indicators, and key performance indicators (CobIT Executive Summary, July 2000, 3rd
ed.)  (IRMC  Developing  Enterprise  Security  Strategies,  Guidelines,  and  Policies  Course). 

12. There is never a single right solution. There are always multiple wrong ones,
though. (David Akin, professor, University of Maryland, "Akin's Laws of Spacecraft
Design" [received via Internet e-mail] and confirmed by Dr. Akin dakin@umd.edu or
DAKIN@SSL.UMD.EDU. See
http://spacecraft.ssl.umd.edu/academics/akins_laws.html.)

Information  Warfare  (IW)— see  Command  and  Control  Warfare;  DoDI  3600.2  Information 
Operations  Security  Classification  Guide  (SECRET /NOFORN) 

Offensive  and  defensive  use  of  information  and  information  systems  to  exploit, 
corrupt,  or  destroy  an  adversary's  information  and  information  systems  while  protecting 
one's own. See DoDI 3600.1 or Joint Pub 3-13. See Daniel Kuehl's "Joint Information
Warfare" (Strategic Forum Series, National Defense University Press, March 1997, No.
105, http://www.ndu.edu/inss/strforum/forum105.html); Martin Libicki's What is
Information Warfare? (The Center for Advanced Command Concepts and Technology,
NDU, Washington, DC, August 1995); Defending Cyberspace and Other Metaphors (NDU,
Washington, DC, 1997), which includes an extensive description of how the human body
defends itself using its immune system; and his The Mesh and the Net: Speculations on
Armed Conflicts in Time of Free Silicon (The Center for Advanced Command Concepts and
Technology, NDU, Washington, DC, August 1995); David Alberts' Defensive Information
Warfare (The Center for Advanced Command Concepts and Technology, NDU,
Washington, DC, August 1996); and George Smith's "An Electronic Pearl Harbor? Not
Likely" (Issues in Science and Technology, Fall 1998); Marcus Ranum's "Internet Attacks,"
http://www.ranum.com/pubs/pdf/internet-attacks.pdf (and see
http://www.ranum.com/pubs/pdf/index.htm and
http://www.ranum.com/pubs/index.shtml); Mindy Blodgett's "Is IT Safe?" (CIO
Magazine, July 15, 1999, http://www.cio.com/archive/071599_safe.html); Anderson
Kent's "International Intrusions: Motives and Patterns,"
http://www.aracnet.com/~kea/Papers/paper.shtml, 1994. "There's a war out there old friend, a world war, and it's
not about who's got the most bullets. It's about who controls the information— about how
we see and hear, how we work, what we think. It's all about the information." (Sneakers,
1992, MCA Universal Pictures). Joint Information Warfare (CJCSI 3210.01 of January 2, 1996,
Secret/NOFORN) (IRMC IAA). Defense Science Board Information Warfare Report is online:
http://cryptome.org/iwd.htm. IW electronic publication: http://www.infowar.com

JED (IW/EW) Journal of Electronic Defense:
http://www.jedefense.com/jed.html

Institute for the Advanced Study of Information Warfare (IASIW):
http://psycom.net/iwar.1.html

ARPA's Information Survivability formerly known as "Defensive Information
Warfare:" http://www.darpa.mil/ipto/psum1999/il01-0.html

A Guide to Information Warfare: http://www.futurewar.net/

NPS IW Naval Postgraduate School: http://www.nps.navy.mil/iwag/
http://www.iwar.org.uk/ and http://www.unbsj.ca/library/subject/infowar.htm

War  is  the  father  of  all  (Heraclitus)  ...  we  need  crises  in  life  if  we  are  to  grow,  and  if  the 
aspirant  is  not  aware  of  any  in  his  life,  he  should  precipitate  them.  (Raymund  Andrea,  "The 
Conflict  of  Opposites,"  The  Andrea  lectures.  Ancient  Mystical  Order  Rosae  Crucis,  199],  p. 


The  goal  of  information  warfare  is  to  checkmate  your  opponent  before  he  gets  his  pieces 
out of the box. (David Probst, C4I-PRO-Digest, 1996, Vol. 2, February 11, No. 183.)

Infrastructure 

The  entire  interrelated  set  of  one's  processors,  operating  systems,  software,  networks, 
communications  links,  components,  servers,  and  related  hardware.  All  the  hardware  and 
software  (sometimes  including  standards  and  requirements  documents)  performing 
particular  functions  (e.g.,  computing,  KM,  or  IT). 


If  your  outgo  exceeds  your  income,  your  upkeep  will  be  your  downfall.  (Gerald  F. 
Lieberman,  Ed.,  3,500  Good  Quotes  for  Speakers,  Doubleday,  Garden  City,  NY,  1983,  p.  89.) 
Institute for Knowledge Management (IKM); http://ikm.ihost.com

An  organization  originally  formed  by  the  International  Business  Machines  (IBM) 
corporation,  but  which  functions  as  an  independent  body,  that  promotes  KM.  Laurence 
Prusak (co-author of several well-known KM books such as Working Knowledge and In
Good Company) is a prime driver of the IKM. IKM holds periodic meetings that include
presentations  by  knowledgeable  and  often  well-known  people  in  KM.  They  also  perform 
studies  in  KM  via  projects  and  working  groups.  In  addition,  IKM  publishes  periodicals  on 
KM  including  KM  Directions  and  Knowledge  Connections.  IKM  is  located  at  55  Cambridge 
Parkway,  Cambridge,  MA,  02142. 

The  obvious  implication  is  that  both  tacit  and  explicit  knowledge  solidify  and  ossify. 

Unless  distinct  modes  of  reasoning — such  as  alternative  explanations  of  customers 
responses  to  a  competitor's  new  product  introduction — are  articulated  and  assessed,  radical 
disjunctures  in  knowledge  content  or  breakthroughs  in  insight  are  considerably  less  likely  to 
emerge.  In  short,  unless  the  "frames"  points  of  view  embodied  in  perceptions,  beliefs, 
assumptions,  and  projections  about  the  future-are  broken  by  challenging  prevailing  modes 
of  thinking  and  reasoning,  knowledge  generation  and  use  will  be  severely  restricted.  (Liam 
Fahey and Laurence Prusak, "The Eleven Deadliest Sins of Knowledge Management,"
California Management Review, Berkeley, CA, Spring 1998, Vol. 40, Issue 3, pp. 265-276.)

Institute of Electrical and Electronics Engineers (IEEE); http://www.ieee.org/

IEEE is a professional organization of engineers that promotes engineering. However,
the  IEEE  has  also  established  and  maintains  certain  engineering  standards  (similar  to 
ANSI). IEEE 802.11 is the standard for wireless communications (equivalent to IEEE 802.3
for  wire  communications).  It  was  completed  in  1997,  addressing  infrared,  frequency 
hopping  spread  spectrum,  and  direct  sequence  spread  spectrum  transmission.  It  was 
limited  to  1  or  2  Mbps.  IEEE  802.11b  was  ratified  in  1999,  introducing  the  high  rate 
standards  of  5.5  and  11  Mbps.  In  addition,  it  made  direct  sequence  spread  spectrum  its 
default.  It  is  the  wireless  version  of  Ethernet.  802.11  uses  the  Industry,  Science,  and 
Medicine (ISM) frequency band — from 2.4 to 2.4835 GHz (or 2400 to 2483.5 MHz). Thus,
its  bandwidth  is  83.5  MHz.  Spread  spectrum  is  required  (by  the  FCC)  to  avoid  in-band 
interference,  and  power  is  limited  to  1  watt.  Encryption  is  optional  and  it  supports  ad  hoc 
(peer-to-peer)  networking,  but  it  has  relatively  high  power  requirements  and  is  subject  to 
ISM  band  interference.  Range  is  about  50  meters.  It  utilizes  a  signal  collision  avoidance 
system  (carrier  sense  multiple  access  and  collision  avoidance,  CSMA/CA,  similar  to 
Ethernet  except  avoidance  versus  detection).  The  sending  unit  checks  with  the  receiver  to 
see  if  there  is  any  traffic.  If  not,  it  transmits.  The  receiver  acknowledges  receipt  of 
transmission. If not received, the transmitter will retransmit. Interference with other
devices (Bluetooth or microwave ovens) can be minimized if devices are kept at least 10
feet apart. 802.11 uses only 25 percent of the ISM band (Bluetooth uses the entire band),
but it uses dynamic speed adjustment to compensate for interference. Non-U.S. Bluetooth
devices can adjust their frequency hops to avoid the 802.11 band so that they do not
interfere  with  each  other,  but  this  is  not  legal  in  the  United  States  or  in  parts  of  Asia. 
Few people think more than two or three times a year. I have made an international
reputation  for  myself  thinking  once  or  twice  a  week.  (George  Bernard  Shaw,  in  3,500  Good 
Quotes  for  Speakers,  Gerald  F.  Lieberman,  Ed.,  Doubleday,  Garden  City,  NY,  1983,  p.  243.) 

Instrument 

Tests,  rating  forms,  checklists,  questionnaires,  and  other  such  forms  used  to  obtain 
measurements  of  abstract  data  (IRMC  Measuring  Results  of  Organizational  Performance 


It has, I believe, been often remarked that a hen is only an egg's way of making another
egg. (Samuel Butler, quoted by Jacob Braude in New Treasury of Stories for Every Speaking and
Writing  Occasion,  Prentice  Hall,  Inc.,  Englewood  Cliffs,  NJ,  June  1961,  p.  284.) 


Integrated Definition for Information Modeling (IDEF1X)— see DSS

A Joint Technical Architecture-approved standard for Department of Defense
modeling described in Federal Information Processing Standard Publication
184. Can be used in conjunction with Erwin data modeling tool (Logic Works Inc.). See
IEEE P1320.1, IDEF0, IEEE 1320.2, and the Unified Modeling Language
(UML) (IRMC Advanced Information System Acquisition Course). See Chavez, Lucks,
and Yoder's "EDI: Successful Reengineering Using IDEF" and Hanrahan's "The IDEF
Process  Modeling  Methodology"  both  in  Crosstalk  (June  1995,  Vol.  8,  No.  6)  (IRMC 
Advanced  Software  Acquisition  Management  Course). 


... The teachings of the Buddha are not in themselves the experience of enlightenment
just as a map of the city of Paris is not the city of Paris itself. (Thich Nhat Hanh, Thundering
Silence [Sutra on Knowing the Better Way to Catch a Snake], Parallax Press, Berkeley, CA, 1993,
p. 33.)


Integrated  Digital  Environment  (IDE)— 

http:/ /www.dsmc.dau.mil  /pubs/infrpt.s/inrfr'Ki.31'1 99b  htm 

Project  that  envisions  a  standard  set  of  applications  (e.g.,  for  a  program  manager's  use) 
forming  an  interconnected  set  (environment)  for  managing  programs  in  such  a  way  that 
rotating  personnel  can  use  the  same  systems  for  their  new  offices  or  positions  without 
relearning new management systems (military personnel "rotate" or move to different
positions  every  3-4  years).  Also,  higher  authority  oversight  would  be  simplified  with 
standardized  project  manager  products  from  the  IDE. 

Basic research is what I am doing when I don't know what I am doing. (Wernher von
Braun,  Leo  Rosten's  Carnival  of  Wit,  E.  P.  Dutton  &  Co.,  New  York,  1994,  p.  439.) 

Integrated  Product  (or  Process)  Team  (IPT) 

Department  of  Defense  (DoD)  defines  an  IPT  as  a  cross-functional  team  formed  for  the 
specific  purpose  of  delivering  a  product  for  an  external  or  internal  customer  (DoD  OUSD 
[AT]  1996, 1-7).  IPTs  use  diverse  information  and  knowledge  to  perform  special  studies, 
solve  complex  problems,  or  acquire  products  such  as  combat  weapons  systems.  The 
special  value  of  an  IPT  lies  in  the  diversity  of  views  and  backgrounds  held  by  its 
members.  Furthermore,  IPTs  were  devised  so  as  to  eliminate  infighting  amongst  those 
creating programs and documents and those reviewing them. By integrating the
reviewers  into  the  IPT,  they  become  part  of  the  solution.  Also,  changes  made  early  cost 
less.  Communications  are  often  improved  when  different  viewpoints  are  explicated 
publicly  in  an  IPT.  There  are  often  different,  simultaneous  levels  of  IPTs.  The  Overarching 
IPT  (OIPT)  is  the  highest  level,  the  Integrating  IPT  (IIPT)  is  the  intermediate  level,  and  the 
various  Working  IPTs  (WIPTs)  are  usually  the  lowest  level.  IPTs  differ  significantly  in  a 
qualitative  sense  from  other  kinds  of  groups  such  as  working  groups,  teams,  etc.  See 
Katzenbach and Smith's "The Discipline of Teams" (Harvard Business Review, March-April
1993, 93207).

As  uncomfortable  as  it  may  be,  our  perception  needs  to  be  continually  challenged  by 
those  whose  experience  is  dissimilar  to  our  own.  Differing  perceptions  need  to  be 
understood,  not  rebuffed.  Truth  and  reality  generally  lie  beyond  the  mere  collection  and 
analysis of unprejudiced facts. Even within our own disciplines, viewpoints from colleagues
in  different  countries  and  work  environments  help  to  mature  and  broaden  our  perspectives. 

Only  when  our  minds  expand  to  understand  the  perceptions  of  others  will  our  own  biases 
be put into appropriate perspective. (K. Owen Ash, the editor's column, Journal of the
International Federation of Clinical Chemists, 2.2, ISC House, Progress Business Centre, Slough,
England, 1990; quoted by June Singer in "Jung's Typology in the Workplace," Psyche at
Work, Murray Stein and John Hollwitz, Eds., Chiron Publishing, Willamette, IL, 1992, p.
214.)

Integrated  Services  Digital  Network  (ISDN) 

A form of connectivity provided by telephone companies to expand data rate capacity
for  users;  it  combines  voice  and  digital  network  services  in  a  single  medium  (phone  line). 
ISDN  lines  have  varying  capacities  depending  upon  the  subscription.  Video 
teleconferencing  (VTC)  requires  more  bandwidth  than  can  be  supplied  by  one  phone  line 
(minimum  is  two  or  128  kbps).  ISDN  can  provide  the  necessary  capacity.  It  can  also 
integrate  the  voice,  video,  and  data  into  one  synchronous  transmission.  Some  VTC 
systems  include  data  transmissions  so  that  users  can  view  the  same  images  on  computer 
screens  attached  at  both  ends  of  the  videoconference.  System  response  times  can  be 
significantly  reduced  by  upgrading  users  from  56  kbps  dial-up  service  to  128  kbps  (or 
higher)  ISDN  service.  As  the  Navy  Standard  Integrated  Personnel  System  upgraded 
Navy  personnel  software,  it  had  to  upgrade  connectivity  at  its  many  sites  to  support  the 
increased  bandwidth  needed  to  obtain  reasonable  latencies  (user  response  times).  One  of 
the  options  was  to  install  ISDN  lines;  this  was  accomplished  at  a  number  of  user  sites.  Of 
course,  the  costs  for  ISDN  are  higher  than  for  regular  phone  service. 

You  ask  me  what  it  is  I  do.  Well  actually,  you  know. 

I'm  partly  a  liaison  man  and  partly  P.  R.  O. 

Essentially,  I  integrate  the  current  export  drive 

And  basically  I'm  viable  from  ten  o'clock  till  five. 

(Sir  John  Betjeman,  1906—,  Executive,  from  The  Oxford  Dictionary  of  Quotations,  Oxford 
University  Press,  New  York,  1980,  p.  42,  No.  14.) 
Integrity

In  information  assurance,  integrity  refers  to  protection  against  unauthorized 
modification  or  destruction  of  information.  Public  key  infrastructure  with  digital 
signature  is  a  prime  method  of  ensuring  the  integrity  of  a  communication  or  transmission. 
Appropriate  use  of  the  two  types  of  keys  (public  and  private)  and  a  hash  ensures  that  any 
change  to  the  transmitted  message  will  be  obvious.  Integrity  is  the  second  element  in  the 
information  assurance  acronym  CIANA  (confidentiality,  integrity,  availability, 
nonrepudiation,  and  authentication),  that  itemizes  the  major  factors  in  computer  security. 
More  generically,  integrity  can  refer  to  the  overall  quality  of  an  information  system  and 
the  correctness  and  reliability  of  its  products.  Data  integrity  can  be  checked  (usually  by 
comparing  present  versus  original  checksums).  Such  tools  are  available  from 
http://www.stiller.com/ and http://www.tripwire.com/.
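
The checksum comparison described in this entry, as an added example that is not part of the original encyclopedia: a baseline of SHA-256 checksums is recorded, sealed, and later compared with the present state of the files. An HMAC with a shared key stands in for the digital signature the entry mentions (an assumption, so the example runs with the Python standard library alone); all function names, file names, and the key are constructed for illustration.

```python
"""File-integrity baseline: record checksums, then compare present vs. original."""
import hashlib
import hmac
import json
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large files are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map each file path (relative to root) to its current checksum."""
    checksums = {}
    for directory, _subdirs, files in os.walk(root):
        for name in files:
            full = os.path.join(directory, name)
            checksums[os.path.relpath(full, root)] = sha256_file(full)
    return checksums


def seal(checksums, key):
    """Serialize the baseline and attach an HMAC-SHA256 tag computed over it."""
    body = json.dumps(checksums, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag})


def unseal(sealed, key):
    """Return the baseline only if its tag verifies; otherwise raise ValueError."""
    record = json.loads(sealed)
    expected = hmac.new(key, record["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("baseline failed authentication")
    return json.loads(record["body"])


def compare(baseline, current):
    """Report files whose checksum changed, that disappeared, or that are new."""
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "removed": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Run the whole cycle on constructed files in a temporary directory."""
    key = b"constructed-demo-key"  # constructed; keep a real key off the monitored host
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)

        # 1. Record and seal the original checksums.
        write("app.conf", b"mode=strict\n")
        write("old.log", b"started\n")
        sealed = seal(snapshot(root), key)

        # 2. Unauthorized changes: one file edited, one deleted, one added.
        write("app.conf", b"mode=permissive\n")
        os.remove(os.path.join(root, "old.log"))
        write("dropped.bin", b"\x00\x01")
        current = snapshot(root)
        report = compare(unseal(sealed, key), current)

        # 3. Rewriting the stored checksum to hide the edit breaks the tag.
        record = json.loads(sealed)
        original = json.loads(record["body"])["app.conf"]
        record["body"] = record["body"].replace(original, current["app.conf"])
        try:
            unseal(json.dumps(record), key)
            forged_rejected = False
        except ValueError:
            forged_rejected = True
    return report, forged_rejected


if __name__ == "__main__":
    print(demo())
```

Without the tag, anyone able to modify a file could also rewrite its stored checksum, and the comparison would report nothing.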

My  way  of  joking  is  to  tell  the  truth.  It's  the  funniest  joke  in  the  world.  (George  Bernard 
Shaw, quoted by Lawrence J. Peter in The Peter Prescription, William Morrow & Co., New
York,  1972,  p.  8.) 

Intellectual  Capital 

The  value  created  by  the  use  of  the  human  intellect  (directly  or  indirectly).  It 
represents  the  intangible  intellectual  assets  of  an  organization  and  includes  human 
capital,  social  capital,  and  corporate  capital.  Intellectual  capital  is  the  essence  of  KM  at  the 
Department of the Navy (adapted from Glossary of IM/IT & KM Terms). Intellectual capital
can  be  implicit  (tacit)  or  explicit.  It  includes  corporate  memory.  Enterprises  lose 
intellectual  capital  when  employees  depart  from  them.  They  can  gain  it  from  formal 
training  (primarily  explicit)  and  on-the-job  training  (potentially  tacit),  and  special  efforts 
to  capture  or  transfer  it  (e.g.,  mentoring,  tacit  knowledge  transfer,  etc.). 

From  Gary  Hacker's  HR  Metrics  News  consolidated  from  Issues  1-5  (OPM): 

Measuring  Intellectual  Capital:  Learning  From  Financial  History  by  John  W.  Boudreau  and 
Peter M. Ramstad: http://www.ilr.cornell.edu/cahrs/PDFs/WorkingPapers/WP96-08.pdf
6/02. "In this article, we suggest that designers of HR measurement systems can
learn  from  the  success  of  well-accepted  measurement  models  in  the  financial  and 
marketing  arenas.  We  show  that  the  historical  development  of  these  measurement 
systems  suggests  several  lessons  for  the  HR  measures  of  the  future." 

Of  course  I  am  pleading  the  cause  of  the  thinking  man,  and,  inasmuch  as  most  people  do 
not think, of a small minority. (C. G. Jung, Letters, Vol. 2, Bollingen Series 95, 1951-61,
Gerhard Adler and Aniela Jaffe, Eds., Princeton University Press, Princeton, NJ, 1953-75, p.
716.)

Intellectual  Property  (IP);  Intellectual  Property  Center 
http://www.umuc.edu/distance/odell/cip/cip.html

Tangible  products  produced  by  human  mind(s)  that  have  the  legal  status  of  personal 
property.  These  include  works  protected  by  copyright,  patent,  and  trademark.  Ideas  are 
not intellectual property until they are recorded, published, or publicly manifested in
some form. Most products and documents produced by or funded by the government are
not considered the intellectual property of their creators, but are made available to the
public (via the Freedom of Information Act) unless access is restricted due to security or
privacy concerns. Government contracts usually include intellectual property and data
rights clauses. The government does not generally take ownership of data rights, but
instead retains government usage rights. This approach is accentuated through the
government's  dual-use  projects,  intended  to  promote  products  useful  to  the  government 
and  to  the  creating  contractor,  which  that  contractor  can  use  for  commercial  purposes. 

Fair  practices  laws,  while  complicated,  allow  reproduction  of  copyrighted  material  for 
certain  specific  purposes  such  as:  critiques,  news,  teaching  (including  multiple  copies  for 
classroom  use),  and  video  tapings  for  personal  use.  The  first  sale  doctrine  eliminates  the 
creator's  exclusive  rights  of  copying  and  distributing  the  material.  Software  suppliers 
avoid  this  problem  by  licensing  their  software  rather  than  selling  it  outright.  Use  of  the 
software entails the user's agreement not to resell it. Davy Jones Locker BBS was sued by
the Software Publishers Association for selling licensed software. Various organizations and
techniques  are  being  used  to  protect  IP  including  MRJ  Technology  (limiting  licenses  to 
one  use  or  copy),  Microsoft  (analyzing  electronic  emanations  to  enforce  license 
agreements),  and  Cambridge  University  under  Microsoft  grant  (to  develop  anti-piracy 
technology).  There  is  an  executive  order  on  computer  piracy  that  directs  agencies  to  adopt 
procedures  to  ensure  they  do  not  acquire,  reproduce,  distribute,  or  transmit  software  in 
violation  of  the  copyright.  Agencies  are  to  prepare  inventories  of  software,  determine 
software  that  is  authorized  for  use,  and  develop  record-keeping  systems  (IRMC 
Developing  Enterprise  Security  Strategies,  Guidelines,  and  Policies  Course). 

Intellectual  Property  and  Tech  Forum  BC  Law  School: 
http://www.bc.edu/bc_org/avp/law/st_org/iptf/index.html.

Why  do  we  often  see  wise  men  seeking  out  the  company  of  the  wealthy,  but  seldom  see 
wealthy  men  seeking  out  the  presence  of  the  wise?  ...  because  wise  men  appreciate  the  true 
value  of  wealth,  whereas  wealthy  men  fail  to  appreciate  the  value  of  wisdom.  (R.  Yechiel 
Ha Rofeh, "Maalos Ha Middos," quoted by Nachmanides in Iggeres Ha Ramban in R.
Avrohom Chaim Feuer's A Letter for the Ages, Mesorah Publishing, Brooklyn, NY, 1989, p.
85.)

Intelligent Agent (IA)

An  implementation  of  artificial  intelligence.  They  perform  actions  usually  done  by 
human  assistants.  Algorithms  can  be  based  on  AI  techniques  such  as  expert  systems, 
genetic algorithms, or neural networks. An IA is used to find, filter, and fuse information
for the user. They can be used to inform the user about new general information (e.g.,
Point Cast), find specific information (e.g., Company Sleuth), notify the user if Web pages
change (e.g., Minder), assist with shopping (e.g., Excite), help with KM (e.g.,
Enfish), improve Web searching (e.g., Ferret), and entertain and answer questions
(e.g., askjeeves or Sylvie). Presently IAs are not very smart, however. Their value as
virtual human assistants should improve as neural networks are combined with genetic
algorithms, etc. See http://www.botspot.com (IRMC New World of the CIO Course).
http://www.botspot.com/ (IRMC Critical Information Systems Technologies Course).
Nothing can be believed which is seen in a newspaper ... Advertisements contain the
only  truth  to  be  relied  upon  in  a  newspaper.  (Thomas  Jefferson,  in  3,500  Good  Quotes  for 
Speakers,  Gerald  F.  Lieberman,  Ed.,  Doubleday,  Garden  City,  NY,  1983,  p.  164.) 

Interface — see  Information  Systems  Integration 

A  connection  between  two  entities  or  systems  or  the  process  of  making  such  a 
connection.  IT  interfaces  are  used  to  transfer  data  between  two  information  systems  or 
between a system and a user. The most common user interface includes a computer
screen  with  keyboard,  where  a  user  can  type  in  data  or  instructions,  often  aided  by  a 
mouse,  with  the  screen  displaying  both  the  input  and  results  of  the  computer  processing 
back  upon  the  screen.  Modems  are  used  to  interface  computers  with  the  Internet;  local 
area  networks  are  used  to  interface  a  set  of  computers  with  the  system  and,  thereby,  other 
computers  included  therein.  Interfacing  can  be  created  between  subsystems  within  a 
system  or  between  separate  systems;  however,  it  is  not  as  extensive  as  integrating 
components  and  sub-systems  into  a  united  system.  Interfaces  include  several  aspects: 
physical  or  mechanical,  electrical  or  power,  electronic  or  logical,  and  software  or 
protocols.  Various  Department  of  Defense  documents  describe  interfaces  for  systems 
designed by or for the government. These include interface design specifications (IDS),
weapon systems control interface drawings (WSCID), etc. With the increase in contractor
off-the-shelf product usage, most interfaces are now industry standards, such as IEEE
RS232 interfaces.


If  we  want  to  be  heard  we  must  speak  in  a  language  the  listener  can  understand  and  on 
a  level  at  which  the  listener  is  capable  of  operating  ...  If  we  are  to  love  we  must  extend 
ourselves  to  adjust  our  communication  to  the  capacities  of  our  beloved.  (M.  Scott  Peck,  The 
Road  Less  Traveled,  Touchstone  Books/Simon  &  Schuster,  New  York,  1978,  p.  154.) 

Intermediation 

The  process  of  connecting  people  to  the  knowledge,  information,  and  data  they 
require.  Practitioners  of  knowledge  intermediation  are  known  as  knowledge  managers, 
brokers,  intermediaries,  and  connectors. 


A  man  convinced  against  his  will,  is  of  the  same  opinion  still.  (Samuel  Butler,  quoted  by 
Jacob Braude in New Treasury of Stories for Every Speaking and Writing Occasion, Prentice Hall,
Inc.,  Englewood  Cliffs,  NJ,  June  1961,  p.  82.) 

International Information Systems Security Certification Consortium (ISC2)— see
NSTISSI/SANS

A  nonprofit  organization  that  administers  the  Certified  Information  Systems  Security 
Professional  (CISSP)  certification  program;  http://www.isc2.org/  (IRMC  Developing 
Enterprise  Security  Strategies,  Guidelines,  and  Policies  Course). 


I  won't  belong  to  any  organization  that  would  have  me  as  a  member.  (Groucho  Marx, 
in  3,500  Good  Quotes  for  Speakers,  Gerald  F.  Lieberman,  Ed.,  Doubleday,  Garden  City,  NY, 
1983, p. 151.)
International Standards Organization (ISO)— http://www.iso.ch/iso/en/ISOOnline.openerpage;
see Institute of Electrical and Electronics Engineers

The  ISO  creates  and  maintains  international  standards.  For  example,  the  ISO  9000 
series  of  documents  define  international  quality  standards.  With  the  present  DoD 
emphasis  on  commercialization,  international  industry  standards  (e.g.,  ISO  standards) 
have  the  highest  priority.  Considerable  attention  is  now  focused  on  developing  an 
international  standard  for  extensible  markup  language.  Standards  such  as  these  tend  to 
enable  interoperability,  as  observed  in  the  global  use  of  the  World  Wide  Web.  The 
International Telecommunications Union is another international standards organization
(IRMC  New  World  of  the  CIO  Course).  See  Lewis  Gray's  "ISO/IEC  12207  Software 
Lifecycle Processes" (Crosstalk, 1996, Vol. 9, No. 8, August, pp. 14-18,
http://stsc.hill.af.mil/CrossTalk/1996/aug/isoiec.html) (IRMC Advanced Software
Acquisition Management Course).

England  and  America  are  two  countries  separated  by  the  same  language.  (George 
Bernard  Shaw,  Leo  Rosten's  Carnival  of  Wit,  E.  P.  Dutton  &  Co.,  New  York,  1994,  p.  332.) 


International  Telecommunications  Union  (ITU) 

The  ITU,  similar  to  the  International  Standards  Organization,  creates  and  maintains 
international standards. The ITU, however, specializes in telecommunications standards.
It was formerly called the CCITT, Committee for International Telegraph and Telephone.
ITU-T-509 is the standard for X.509 digital certificates.

The only alternative to coexistence is co-destruction. (Jawaharlal Nehru, Leo Rosten's
Carnival  of  Wit,  E.  P.  Dutton  &  Co.,  New  York,  1994,  p.  502.) 

Internet; Internet Indicators http://www.internetindicators.com, Internet World
http://www.internetworld.com

A  worldwide  system  of  computer  servers  from  which  users  at  any  computer  can 
extract  information  or  knowledge.  It  is  a  public,  cooperative,  and  self-sustaining 
institution accessible to hundreds of millions of people worldwide. It was originally
developed  by  the  Defense  Advanced  Research  Project  Agency  for  Department  of  Defense 
use  but  has  expanded  into  the  World  Wide  Web  (its  primary  modern  usage).  The  net  is 
generally  accessible  through  telephone  lines,  although  wireless  access  is  becoming  more 
prevalent.  Internet  service  providers  attach  users  to  the  Internet.  While  the  Internet  is 
open  to  all  users,  particular  Web  sites  may  be  access  controlled  by  their  owners.  The 
Internet is the medium creating the possibility of e-business and e-Government.
Demographics  have  been  identified  for  Internet  usage:  median  age,  33;  average  household 
income,  $59,000;  married,  41  percent;  children  under  18  at  home,  34  percent;  college 
degree, 57 percent; professional, 30 percent (IRMC Managing Networked Security in a
Networked  Environment  Course).  See  Mark  Butler's  high  level/easy  to  read  How  to  Use 
the  Internet  and  Harley  Hahn's  extensive  site  list  Internet  Golden  Directory  (IRMC  Data 
Management  Strategies  and  Technologies  Course).  Internet  connectivity  must  be 
controlled: whatever is not specifically allowed should be disallowed (e.g., unauthorized
or  "rogue"  modems)  in  order  to  protect  the  network  from  outside  attack.  Security 
personnel  can  war  dial  the  telephones  to  look  for  rogue  modems.  Modems  can  also  be 
automatically disconnected after a period of inactivity (IRMC Developing Enterprise
Security  Strategies,  Guidelines,  and  Policies  Course). 

If you believe everything you read, better not read. (Japanese Proverbs, Peter Pauper
Press, Mt. Vernon, NY, 1962, p. 43.)

Internet  Protocol  (IP) 

The  set  of  rules  and  procedures  within  transmission  control  protocol/Internet 
protocol  that  governs  the  breakup  of  data  messages  into  packets,  the  routing  of  the 
packets from sender to destination network and station, and the reassembly of the packets
into the original data messages at the destination (adapted from Glossary of IM/IT & KM
Terms).


We  dissect  nature  along  lines  laid  down  by  our  native  language  . . .  Language  is  not 

but a defining framework for it. (Benjamin Whorf,
1897-1941. Thinking in Primitive Communities, in Hoyer, Ed., New Directions in the Study of
Language, 1964, from The Oxford Dictionary of Quotations, Oxford University Press, New
York,  1980,  p.  571,  No.  23.) 

Internet  Relay  Chat  (IRT) 

Computer  channels  configured  to  allow  users  to  perform  chat  functions.  This 
windows  feature  is  a  security  risk  and  has  been  used  by  hackers  for  attacks  on  systems. 
Firewalls should be configured to disallow IRT in the network. IRT can be used to
establish  zombies  and  facilitate  denial  of  service  attacks. 


Bliss ungrounded in physical reality is not bliss but delusion. (Bahya ben Joseph Ibn
Paquda, The Book of Direction to the Duties of the Heart, quoted by Perle Epstein in Kabbalah:
The Way of the Jewish Mystic, Shambhala, Boston, 1988, p. 4.)


Internet  Service  Provider  (ISP) 

A service organization (normally commercial) that provides Internet connectivity and
associated services to its customers or users. Examples include: America Online (AOL),
CompuServe, Erols, and Earthlink. Locate Internet Service Providers by area code:
http://www.thelist.com.


It is the new patterns of looking at the world that are important. These patterns ... turn
out  to  be  the  growth  points  of  our  understanding.  It  is  the  search  for  ever-improving 
understanding  that  lures  us  on,  inviting  us  to  supersede  existing  patterns.  (Stephen 
Denning,  The  Springboard,  Butterworth-Heinemann,  Boston,  2001,  p.  183.) 

Interoperability 

The  ability  of  systems  to  exchange  services  with  other  systems  so  as  to  operate 
effectively  together.  Systems  that  interoperate  are  independent  from  each  other  as 
opposed to an integrated system with its component sub-systems. However, a super-system
or overarching system composed of all interoperating systems can also be
envisioned. Similarly, interfacing systems, which merely communicate limited data to
each other, are only interoperable in a very generic sense. Thus, a spectrum would go
from interfacing to interoperable to integrated in a progression of increasing
interdependence. Two 100 percent interoperable systems are, in fact, one integrated
system. Interoperability is a major consideration in systems engineering and Naval Sea
Systems Command, for instance, refers to systems engineering and interoperability as
SE&I, addressing it as a domain or discipline. In April 1999 the Center for Naval Analyses
(CNA) published a study of C4ISR (Command, Control, Communications, Computers,
Intelligence, Surveillance, and Reconnaissance) interoperability with North Atlantic
Treaty Organization allies. CNA pointed out that little interoperability presently exists for
integrated, common, or multinational, military operations even for technologically
developed nations and that, with continual IT advances, the situation was worsening.

Joint Interoperability Test Command (JITC): http://jitc.fhu.disa.mil
Office of the Director, Interoperability: http://www.acq.osd.mil/io/.

... but the truth is so simple and uncomplicated that it will not be accepted by those
whose ways are complicated and who therefore seek for complexity everywhere. (Franz
Hartmann, The Life and Doctrines of Jacob Boehme, quoted in Rosicrucian Digest, June 1973,
Vol. LI, No. 6, p. 5.)

Inter-Rater  Reliability 

A  technique  for  estimating  instrument  reliability  in  which  ratings  are  compared  from 
two  or  more  evaluators  who  use  the  same  form  to  rate  the  same  set  of  cases  (IRMC 
Measuring Results of Organizational Performance Course). For best results (true value),
one  person's  ratings  must  not  be  available  to  other  raters  prior  to  their  submission  of  their 
own  ratings  (i.e.,  blind  ratings  must  be  used,  and  double-blind  ratings  are  highly 
recommended).  Due  to  various  rater  errors,  inter-rater  reliability  may  not  be  high.  Also, 
different  raters  tend  to  have  different  average  or  mean  scores  even  given  the  same  data 
and  rating  scales.  Thus,  their  entire  rating  structure  can  be  compared  in  an  ordinal  or 
proportional  manner  to  obtain  a  reasonable  measure  of  inter-rater  reliability. 

A person always thinks another's psychology is identical with his own. (C. G. Jung,
Civilization in Transition, CW10, Princeton University Press, Princeton, NJ, 1964, p. 115.)

Intranet — http://www.cio.com/research/intranet/

An Internet-like network whose scope is restricted to the networks inside a designated
enclave within an organization. A case in point is the Navy/Marine Corps Intranet. An
intranet is considered safer than the Internet since all of its components are located within
its enclave or firewall system. Outside risk is reduced. However, it is still vulnerable to
inside attack — indeed, it can be more vulnerable. However, additional firewalls, intrusion
devices, and other strategies are often included within the intranet to reduce risk (single
point failure). In addition, it can be easier to implement additional security methods (e.g.,
encryption) consistently across the enterprise when a full enterprise intranet exists. Also,
more consistent training can be applied as well. See http://www.intraware.com/ (IRMC
Critical Information Systems Technologies Course).

Intranet Journal: http://www.intranetjournal.com/

PEO-IT: http://www.peo-it.navy.mil
EDS NMCI: http://www.nmci-isf.com/.

A certain level of personal intimacy may be necessary to establish comfortable
communication of tacit knowledge. Internet-based friendships suggest that intimacy does
not depend wholly on physical co-location, but it remains to be seen whether such
friendships are based enough in reality to mimic the mutual understanding born of face-to-
face encounters. (Dorothy Leonard and Sylvia Sensiper, "The Role of Tacit Knowledge in
Group Innovation," California Management Review, Berkeley, CA, Spring 1998, Vol. 40,
Issue 3, pp. 112-132.)

Intrusion  Detection  System  (IDS) 

An information system security device, particularly important for defense-in-depth
approaches, that monitors and analyzes system and network traffic for possible hostile
attack or misuse from inside or outside, issues alerts of unusual or unauthorized activity,
and identifies unauthorized devices (e.g., a dial-up modem). An IDS can be host-based or
network-based. A host-based IDS resides on a server, monitors server logs, uses statistical
analysis to detect aberrant behavior, is not real-time, has limited access, and protects the
host. A network-based IDS resides as an agent on local area network servers, filters and
analyzes in real time, compares packets against an attack signature database, performs
pattern or byte-code matching, detects threshold crossing, correlates lesser events,
performs statistical anomaly detection, makes alerts and notifications, and requires
maintenance and updating of its database. IDSs do not work alone, but in conjunction with
other information security elements. They do not detect all attacks. Vendor technology
refresh must be considered in choosing an IDS. An IDS function can also be outsourced
(IRMC Managing Networked Security in a Networked Environment Course). Approaches
used by leading products include: detect statistical anomalies, use expert systems whose
knowledge is derived from human auditors, develop models of intrusion based on past
intrusions, develop models based on neural networks, and use a composite approach which
integrates results from different approaches (IRMC Assuring the Information
Infrastructure Course). BackOfficer Friendly — free intrusion software:
http://www.nfr.com/products/bof/.

Nukenabber — free intrusion software for ports:
http://www.dynamsol.com/puppet/nukenabber.html.
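
The detection techniques this entry lists (signature matching, threshold crossing, correlation of lesser events, statistical anomaly detection, and upkeep of the signature database) are sketched below as an added example; it is not from the original text or from any IDS product. The log records, rule names, limits, and hourly counts are all constructed for illustration.

```python
import re
import statistics
from collections import defaultdict, deque

# Constructed sample records, in time order: (epoch_seconds, source, message).
EVENTS = [
    (1000, "10.0.0.5", "GET /index.html 200"),
    (1010, "10.0.0.9", "login failed user=admin"),
    (1015, "10.0.0.9", "login failed user=admin"),
    (1020, "10.0.0.7", "GET /cgi-bin/../../etc/passwd 404"),
    (1022, "10.0.0.9", "login failed user=root"),
    (1030, "10.0.0.9", "login failed user=root"),
    (1031, "10.0.0.9", "login failed user=oper"),
    (1040, "10.0.0.8", "GET /cgi-bin/view?file=/etc/shadow 404"),
    (1200, "10.0.0.5", "login failed user=alice"),
    (1500, "10.0.0.5", "login ok user=alice"),
]
# Constructed events-per-hour history for the anomaly detector.
HOURLY_COUNTS = [42, 38, 45, 40, 41, 39, 44, 43, 120, 41]
# Constructed signature database: rule name -> pattern.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "passwd-read": re.compile(r"/etc/passwd"),
}

def match_signatures(events, signatures=SIGNATURES):
    """Pattern matching: one alert per (event, signature) hit."""
    return [(ts, src, "signature:" + name)
            for ts, src, msg in events
            for name, pattern in signatures.items()
            if pattern.search(msg)]

def threshold_crossings(events, needle="login failed", limit=5, window=60):
    """Threshold crossing: alert once when a source reaches `limit` matching
    events inside a sliding `window` of seconds (events must be time-ordered)."""
    recent, alarmed, alerts = defaultdict(deque), set(), []
    for ts, src, msg in events:
        if needle not in msg:
            continue
        times = recent[src]
        times.append(ts)
        while ts - times[0] > window:      # drop events that left the window
            times.popleft()
        if len(times) >= limit and src not in alarmed:
            alerts.append((ts, src, "threshold:" + needle))
            alarmed.add(src)
        elif len(times) < limit:
            alarmed.discard(src)           # re-arm after the burst ends
    return alerts

def correlate(alerts, min_rules=2):
    """Correlate lesser events: escalate sources that tripped several distinct rules."""
    rules = defaultdict(set)
    for _, src, rule in alerts:
        rules[src].add(rule)
    return sorted(src for src, hit in rules.items() if len(hit) >= min_rules)

def anomalous_buckets(counts, baseline=8, z_limit=3.0):
    """Statistical anomaly detection: flag a bucket whose count lies more than
    `z_limit` standard deviations above the mean of the preceding `baseline`
    buckets. A flagged spike then enters later baselines and inflates them,
    one reason such detectors need tuning."""
    flagged = []
    for i in range(baseline, len(counts)):
        reference = counts[i - baseline:i]
        mean = statistics.mean(reference)
        spread = statistics.pstdev(reference) or 1.0
        z = (counts[i] - mean) / spread
        if z > z_limit:
            flagged.append((i, counts[i], round(z, 1)))
    return flagged

def run(events=EVENTS, signatures=SIGNATURES):
    """Run the signature and threshold detectors, then correlate their alerts."""
    alerts = match_signatures(events, signatures) + threshold_crossings(events)
    return sorted(alerts), correlate(alerts)

if __name__ == "__main__":
    alerts, escalated = run()
    for alert in alerts:
        print(alert)
    print("escalated sources:", escalated)
    print("anomalous hours:", anomalous_buckets(HOURLY_COUNTS))
    # The /etc/shadow request is missed until the database gains a rule for it.
    updated = dict(SIGNATURES, **{"shadow-read": re.compile(r"/etc/shadow")})
    print("after database update:", match_signatures(EVENTS, updated)[-1])
```

The request from 10.0.0.8 raises no alert until the signature database is extended, which is the entry's point that an IDS does not detect all attacks and needs its database maintained.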

"Faith"  is  a  fine  invention 
When  the  gentleman  can  see — 

But  microscopes  are  prudent 
In  an  emergency. 

(Emily Dickinson, in 3,500 Good Quotes for Speakers, Gerald F. Lieberman, Ed.,
Doubleday, Garden City, NY, 1983, p. 91.)

Item  Analysis 

A  process  of  choosing  the  best  items  from  a  pool  of  items  for  use  in  a  measurement 
instrument on the basis of ratings by judges or results of a tryout of the instrument (IRMC
Measuring Results of Organizational Performance Course). This is the technique used to
construct questionnaires. The Myers-Briggs Type Indicator (MBTI), for instance, used an
empirical  technique  to  select  and  test  items  for  inclusion  in  the  instrument. 

Creativity emerges from individuals finding or being given opportunities to work at
their full level of capability. Work becomes uncreative when people are underemployed,
that is to say, when the level of work they are doing is beneath that which they could do.
And unfortunately in our industrial society, far too many people are either underemployed,
or if employed, then underutilized. (Elliott Jaques, Creativity and Work, International
Universities Press, Inc., Madison, CT, 1990, p. vii.)

Item  Pool — see  Item  Analysis 

A  large  number  of  preliminary  items  developed  for  a  measurement  instrument  from 
which  the  final  items  will  be  selected  (IRMC  Measuring  Results  of  Organizational 
Performance  Course). 

Unfortunately,  most  management  interventions  emphasize  shared  vision  and  process 
skills  that  help  create  a  harmonious  environment  but  do  little  to  educate  team  members 
about  each  other's  skills  and  abilities.  (Rob  Cross  and  Lloyd  Baird,  "Technology  is  Not 
Enough:  Improving  Performance  by  Building  Organizational  Memory,"  Sloan  Management 
Review,  Spring  2000,  Vol.  41,  No.  3,  MIT  reprint  No.  4135,  Cambridge,  MA,  p.  74.) 

Java (Applets)— see Common Object Request Broker Architecture (CORBA), Mobile
Code, and Webification

Java is a platform independent and security aware programming language developed
by Sun Computers. Java's mini-applications or programs are called applets. Java is an
interpreted object-oriented language similar to C++. It runs on any platform supporting a
Java interpreter (Java Virtual Machine). The applets are written in a machine-independent
code called "byte code." They are dynamically downloaded from a Web server to "just in
time" fat clients. Applets can talk directly to an application server or database via network
protocols (e.g., Java Database Connectivity, JDC). Its security is based on its byte code
verifier. The byte code is interpreted by your browser to run on your computer, but
before executing it, the verifier ensures that the code has the proper structure (not
corrupted by a hacker); see http://www.sun.com/java/. Java also employs a sandbox that is
a Java Virtual Machine (JVM) with applets running and serves as a virtual proxy to
enhance security. Java is a type of mobile code. Java has GUI potential via Sun's Abstract
Windowing Toolkit (AWT), Sun's Java Foundation Classes (JFC) that enhances AWT,
Netscape's Internet Foundation Classes (IFC) which also enhances AWT, and JavaBeans,
whereby developers can create their own components that can be customized by GUI
builders. See Andrew Patzer's "Using Java in a Distributed Environment" (see his book,
Professional Java Server Programming: with Servlets, JavaServer Pages (JSP), XML,... Perfect
Paperback, 1999). "Java starts where CORBA leaves off. CORBA deals with network
transparency, while Java deals with implementation transparency" (BYTE Magazine,
October 1997). However, for pure Java-to-Java communication, interface definition
language (IDL) may not be necessary, since Visigenic's Caffeine creates stubs and
skeletons without IDL and Java's Remote Method Invocation (RMI) uses Java Virtual
Machine facilities to communicate with objects without using CORBA (IRMC Data
Management Strategies and Technologies Course).

All  software  changes  are  minor  until  you  make  them.  (Donato  M.  Russo,  Naval  Air 
Development Center, Warminster, PA, May 15, 1974.)

http://www.pinnaclepublishing.com/TE/TEmag.nsf/FreeTipsIndexiopenform
http://www.december.com/works/java/books.html
http://java.sun.com/
http://www.gamelan.com/
http://members.aol.com/lpang1 n473/iavaap.htm.

In military parlance, joint describes a product, activity, etc., with participants from
more than one military service. While there are three military departments (Air Force,
Army, and Navy) in the United States, there are four military services (Air Force, Army,
Marine Corps, and Navy). The strong efforts to promote jointness in the military have
resulted in, for instance, the issuance of Joint Vision 2010 and Joint Vision 2020, as well as
the creation of joint programs such as the Defense Integrated Military Human Resources
System (DIMHRS), which includes all four military services.

During my second month of nursing school, our professor gave us a pop quiz. I was a
conscientious student and had breezed through the questions, until I read the last one:
"What is the first name of the woman who cleans the school?" Surely, this was some kind of
joke. I had seen the cleaning woman several times. She was tall, dark-haired and in her 50s,
but how would I know her name? I handed in my paper, leaving the last question blank.
Just before class ended, one student asked if the last question would count toward our quiz
grade. "Absolutely," said the professor. "In your careers, you will meet many people. All
are significant. They deserve your attention and care, even if all you do is smile and say
hello." I've never forgotten that lesson. I also learned her name was Dorothy. (Received via
Internet e-mail; used here as an illustrative story.)

Joint Technical Architecture (JTA) — http://www-jta.itsi.disa.mil/jta/jtav2_dnld.html
(IRMC  Assuring  the  Information  Infrastructure  Course) 

A  Department  of  Defense  (DoD)  set  of  standards  governing  the  arrangement, 
interaction,  and  interdependence  of  system  parts  or  elements  to  ensure  that  a  conformant 
system  satisfies  a  specified  set  of  standards.  Formerly  referred  to  as  the  lowest  level 
architecture of the three levels of the DoD IT architecture, it is now referred to as the lowest
view of the three views of that architecture. The JTA replaces the DoD Index of
Specifications and Standards (DoDISS) as part of the acquisition reform initiative that
cancelled almost all military and DoD specifications and standards as part of the move to
commercial standards and purchases. The JTA, while useful, is a misnomer; it is not an
architecture. It is more like a building code. It can increase potential interoperability by
limiting the set of standards from which selection can be made. It includes logical
interface standards and protocols for information transport, content, format, and
processing. The main document contains generic standards and appendices contain
domain-specific standards in areas such as weapon systems, modeling and simulation,
and command, control, communications, computers, intelligence, surveillance, and
reconnaissance (C4ISR). The JTA includes emerging standards but not legacy standards.
The order of precedence is: international industry standards (e.g., International Standards
Organization), national industry standards (e.g., American National Standards Institute
or Institute of Electrical and Electronics Engineers), government standards, and (worst
case) DoD standards, unless required for a valid national security interest (IRMC New
World  of  the  CIO  Course).  The  JTA  is  essentially  an  implementation  (subset)  of  TAFIM 
and  meets  TAFIM  requirements. 

Golub's Law: ... projects progress quickly until they are 90 percent complete, and then
they remain 90 percent complete forever. (Alan J. Driscoll, "Software Visibility and the
Program Manager," Defense Systems Management Review, Spring 1977, Vol. I, No. 2, quoted
by John A. Grooby in "Maximizing Returns on EDP Investments," Data Management,
September 1972, p. 17.)


Navy JTA: http://www.csc.com/jta

TAFIM— See the DII Master Plan and ftp://198.4.59.6/pub/library/policies/tafim/.


Judgment  Sampling — see  Threats  to  Acceptance  and  Face  Validity 

A  subgroup  of  the  population  is  chosen  on  the  belief  that  it  is  representative  of  the  full 
population,  without  empirical  verification  (IRMC  Measuring  Results  of  Organizational 
Performance  Course). 


I  always  advise  my  patients  not  to  cherish  the  naive  belief  that  what  is  of  the  greatest 
significance  to  them  personally  also  has  objective  significance.  (C.  G.  Jung,  Two  Essays  on 
Analytical  Psychology,  CW7,  Princeton  University  Press,  Princeton,  NJ,  1966,  p.  220.) 

Key Pair — see Public Key Infrastructure (PKI)

Two keys which decrypt each other. Key pairs are used in asymmetric encryption (as
opposed to symmetric encryption in which only one key is used to encrypt and decrypt).
One key is labeled as an individual's public key because it is distributed publicly, usually
through digital certificates. The other key is labeled as an individual's private key because
it is kept secret by its owner. PKI is a form of asymmetric encryption that will be used in
the Navy/Marine Corps Intranet. Originally, pretty good privacy (PGP) used symmetric
encryption, but its newer version has asymmetric encryption and so utilizes key pairs. In
asymmetric encryption, a sender encrypts a message with the recipient's public key but
signs (via digital signature) the message with his or her own private key. Similarly, the
recipient decrypts the message with his or her private key and decrypts the signature
with the sender's public key.
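
The exchange described in this entry, as an added example that is not from the original text: textbook RSA with constructed, deliberately tiny keys built from Mersenne primes and with no padding, so it shows how the two keys of a pair undo each other and is not a usable cipher. The names Alice and Bob and all function names are assumptions.

```python
import hashlib

E = 65537  # public exponent used by both toy key pairs

def make_key_pair(p, q):
    """Build (public, private) textbook-RSA keys from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # private exponent: inverse of E
    return (E, n), (d, n)

# Constructed toy keys; real keys come from large random primes.
ALICE_PUB, ALICE_PRIV = make_key_pair(2**61 - 1, 2**89 - 1)
BOB_PUB, BOB_PRIV = make_key_pair(2**107 - 1, 2**127 - 1)

def apply_key(key, value):
    """The one RSA operation: what either key of a pair does, only the other undoes."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value does not fit under this modulus")
    return pow(value, exponent, n)

def digest_as_int(message, n):
    """SHA-256 of the message, reduced so that it fits under modulus n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def send(message, sender_private, recipient_public):
    """Encrypt to the recipient's public key; sign the digest with the sender's private key."""
    ciphertext = apply_key(recipient_public, int.from_bytes(message, "big"))
    signature = apply_key(sender_private, digest_as_int(message, sender_private[1]))
    return ciphertext, signature

def receive(ciphertext, signature, recipient_private, sender_public):
    """Decrypt with the recipient's private key; check the signature with the sender's public key."""
    m = apply_key(recipient_private, ciphertext)
    message = m.to_bytes((m.bit_length() + 7) // 8, "big")  # leading zero bytes are lost
    n = sender_public[1]
    valid = (0 <= signature < n and
             apply_key(sender_public, signature) == digest_as_int(message, n))
    return message, valid

if __name__ == "__main__":
    ct, sig = send(b"fleet sails at 0600", ALICE_PRIV, BOB_PUB)
    print("ciphertext:", hex(ct))
    print("received:", receive(ct, sig, BOB_PRIV, ALICE_PUB))
    print("altered signature:", receive(ct, sig ^ 1, BOB_PRIV, ALICE_PUB))
```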

YGIAGAM:  Your  Guess  Is  As  Good  As  Mine.  (Fred  Nathanson,  Radar  Design  Principles, 
McGraw-Hill, New York, 1969, p. 158, figure 5-11d.)


Key  Management  Infrastructure  (KMI) 

The process used to manage the entire life cycle of digital certificates (containing
public keys) (cf. PKI). Potential problems with PKI certificate/key management include
the unavailability of a user's private key, so that an organization cannot decrypt
important information. From a life-cycle perspective, keys can expire, employees retire or
expire, archived data may need to be resurrected, etc. Key escrow and recovery schemas
have been developed to address such difficulties. An escrow agent can retain copies of an
organization's employees' private keys, but this greatly increases risk and creates a
single-point failure itself. Alternately, two escrow agents can each retain half of the employees'
keys that are unusable unless combined later to generate the private key. Under an
alternative key recovery scheme, for each transmission, the two parties each combine
their private key with the other party's public key to create a session key which is
encrypted with the escrow authority's public key and sent to the escrow authority. The
parties then exchange data via the session key. The session key can only decrypt this
particular transmission, limiting exposure of the employee's private key. The schema is
executed in the background (invisible to users). The escrow authority's private key is still
a single point failure for prior transmissions and, therefore, a risk factor (IRMC Advanced
Information System Acquisition Course). See "The Risks of Key Recovery, Key Escrow,
and Trusted Third Party Encryption" (Hal Abelson), a report by an ad hoc group of
cryptographers and computer scientists (Center for Democracy and Technology 1998
http://www.cdt.org/crypto/risks98/) (IRMC Assuring the Information Infrastructure
Course).
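
The two recovery schemes in this entry, as an added example that is not from the original text or from any fielded escrow system. It assumes a toy Diffie-Hellman group, an XOR split for the two-agent scheme, a per-transmission identifier mixed into the session key, and a hashed-ElGamal wrap standing in for "encrypted with the escrow authority's public key"; all names and parameters are constructed.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group (constructed): a 127-bit Mersenne prime, far too
# small for real use.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private, public) in the toy group."""
    private = secrets.randbelow(P - 3) + 2
    return private, pow(G, private, P)

def to_bytes(n):
    return n.to_bytes(16, "big")           # every value below P fits in 16 bytes

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

# Scheme 1: two escrow agents, each holding a half that is unusable alone.
def split_for_escrow(private):
    pad = secrets.token_bytes(16)          # agent A's share: pure randomness
    return pad, xor(to_bytes(private), pad)  # agent B's share: key XOR pad

def recombine(share_a, share_b):
    return int.from_bytes(xor(share_a, share_b), "big")

# Scheme 2: a session key per transmission, escrowed instead of the private key.
def session_key(own_private, peer_public, transmission_id):
    """Own private key combined with the peer's public key, bound to one transmission."""
    shared = pow(peer_public, own_private, P)
    return hashlib.sha256(to_bytes(shared) + transmission_id).digest()

def wrap_for_escrow(key, escrow_public):
    """Encrypt the session key so only the escrow authority's private key opens it."""
    ephemeral_private, ephemeral_public = keypair()
    pad = hashlib.sha256(to_bytes(pow(escrow_public, ephemeral_private, P))).digest()
    return ephemeral_public, xor(key, pad)

def unwrap(escrowed, escrow_private):
    ephemeral_public, body = escrowed
    pad = hashlib.sha256(to_bytes(pow(ephemeral_public, escrow_private, P))).digest()
    return xor(body, pad)

def demo():
    alice_private, alice_public = keypair()
    bob_private, bob_public = keypair()
    escrow_private, escrow_public = keypair()

    share_a, share_b = split_for_escrow(alice_private)

    key_alice = session_key(alice_private, bob_public, b"transmission-1")
    key_bob = session_key(bob_private, alice_public, b"transmission-1")
    key_next = session_key(alice_private, bob_public, b"transmission-2")
    deposit = wrap_for_escrow(key_alice, escrow_public)
    return {
        "alice_private": alice_private,
        "share_a": share_a,
        "share_b": share_b,
        "recovered_private": recombine(share_a, share_b),
        "key_alice": key_alice,
        "key_bob": key_bob,
        "key_next": key_next,            # recovering key_alice does not reveal this one
        "escrow_recovered": unwrap(deposit, escrow_private),
    }

if __name__ == "__main__":
    result = demo()
    print("split key recombines:", result["recovered_private"] == result["alice_private"])
    print("both parties agree:", result["key_alice"] == result["key_bob"])
    print("escrow recovers this transmission:", result["escrow_recovered"] == result["key_alice"])
    print("next transmission uses another key:", result["key_next"] != result["key_alice"])
```

Every deposit is wrapped to the same escrow public key, so the one escrow private key opens all of them; that is the single point of failure the entry describes.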


Time  and  tide  wait  for  no  man.  (Geoffrey  Chaucer,  in  3,500  Good  Quotes  for  Speakers, 
Gerald  F.  Lieberman,  Ed.,  Doubleday,  Garden  City,  NY,  1983,  p.  245.) 

Knowledge

The ideas, understanding, and lessons that an organization has learned over time. This
knowledge may be specific to the organization that created it. Knowledge is condensed
information with context that has value for decision and action. Knowledge can be
explicit (generally written down in some form or other) or implicit/tacit (only available in
people's minds and difficult or impossible to extricate). Knowledge is at a higher level of
abstraction than information or data and is more easily understood. Wisdom is
considered a higher level of abstraction still. In the state of flow, information is readily
translated into knowledge and action in a tacit manner. In the words of Dave Bennet,
"Knowledge shared is power squared." One of the main precepts of KM is that sharing
knowledge benefits everyone. Knowledge is like a candle flame: sharing it with others
(lighting their candles) does not diminish one's own knowledge, but increases the light
for all to see.

One piece of knowledge ... is better than prostrating oneself in prayer a hundred times.
(The Prophet Mohammed, quoted by Idries Shah, Thinkers of the East, Arkana (Penguin),
New York, 1971, p. 179.)

Knowledge  Base  (KB)— see  Database 

Stored  knowledge  of  individuals  within  an  organization  that  can  be  accessed  by 
others.  An  instrument  for  knowledge  sharing  and  utilizing  lessons  learned.  Modern 
knowledge  bases  tend  to  be  multimedia,  employing  such  entries  as  videotaped 
interviews, PowerPoint slides, streaming video, Microsoft Word, etc. Often the term
"database"  is  still  used  when  entries  are  actually  information  or  knowledge. 

In  the  end  men  love  better  that  for  which  they  have  made  sacrifices  than  that  through 
which they have enjoyed pleasures. (Lord Samuel, quoted by Jacob Braude in New Treasury
of Stories for Every Speaking and Writing Occasion, Prentice Hall Inc., Englewood Cliffs, NJ,
June 1961, p. 346.)

Knowledge  Brokering — see  Analogic  Thinking 

The  transferring  of  either  tacit  or  explicit  knowledge  from  providers  to  those  with  a 
specific  need.  Unlike  connecting,  brokering  implies  a  quid  pro  quo  (though  this  may  be 
implicit).  Thus,  brokering  is  similar  to  selling  or  marketing.  Thus,  knowledge  brokering  is 
antithetical  to  the  generalized  reciprocity  envisioned  for  the  knowledge-centric 
organization  of  the  future.  It  is  more  appropriate  for  vertical  organizations  with 
competitive  versus  cooperative  atmospheres  or  cultures. 


We  see  only  the  actions  of  other  people,  but  we  judge  ourselves  by  our  intentions.  Our 
intentions  are  usually  much  better  than  our  actions.  We  could  improve  our  world  if  we 
would  take  the  trouble  to  find  out  the  intentions  of  others,  and  consider  their  actions  in  the 
light of their intentions. (Celia Luce, "Intentions and Actions," Relief Society Magazine,
quoted by Jacob Braude in New Treasury of Stories for Every Speaking and Writing Occasion,
Prentice Hall, Inc., Englewood Cliffs, NJ, June 1961, p. 354.)

Knowledge Centric

An  organizational  ability  to  jointly  leverage  personnel  and  technology,  to  create 
knowledge,  and  to  quickly  deliver  resulting  insights,  to  the  right  persons,  at  the  right 
time,  to  solve  problems,  and  exploit  opportunities.  See  knowledge-centric  organization 
(KCO)  and  KCO  CD  or  toolkit. 

Our  function  as  human  beings  is  to  increase  our  expertise  and  to  become  so  human  that 
we  see  ourselves  in  all  other  people.  (Gerard  I.  Nierenberg  and  Henry  H.  Calero,  How  to 
Read  a  Person  Like  a  Book,  Hawthorne  Books,  New  York,  1971,  p.  vii.) 

Knowledge-Centric  Organization  (KCO) — cf.  KCO  CD 

An  organization  that  organizes  around  its  critical  knowledge  needs  and  then  builds 
useful  and  relevant  methods  and  processes  to  fill  those  needs.  This  resulting  organization 
is  an  overlay  to  the  existing  organizational  structure  such  that  personnel  integrate 
knowledge  sharing  into  their  everyday  lives.  By  providing  access  to  the  breadth  of 
organizational  knowledge,  members  can  quickly  and  accurately  draw  upon  critical 
lessons  learned  to  work  more  efficiently  and  effectively.  Activities  will  then  satisfy  the 
dictum  to  work  faster,  better,  cheaper,  and  most  important,  the  organization  can 
coherently  pursue  knowledge  superiority. 

The  sentiments  of  almost  every  executive  who  participated  in  this  study  echo  those  of 
Drucker:  that  leveraging  organizational  knowledge  is  not  only  important,  but  it  may  be  the 
most  important  job  management  has.  (Rudy  Ruggles,  "Knowledge  Management  in 
Practice," California Management Review, Berkeley, CA, Spring 1998, Vol. 40, Issue 3,
pp. 80-89.)

Knowledge-Centric  Organization  (KCO)  Toolkit  (KCO  CD  or  KCO  Toolkit) 

Available  from  the  DON  CIO  in  CD  format.  The  new  version  2.0  includes  the  case- 
based  reasoning  (CBR)  tool  developed  at  the  Naval  Research  Laboratory  to  assist  users  in 
finding  information  and  knowledge  they  are  seeking.  The  toolkit  includes  a  measured 
method  of  implementing  a  KCO  as  well  as  a  wealth  of  KM  resources  including  an 
extensive  library  of  embedded  documents,  a  large  list  of  applicable  Web  sites,  explications 
of  numerous  available  tools,  books,  articles,  etc.  It  is  intended  as  a  site  for  one-stop 
shopping  for  performing  KM  within  organizations. 

The  only  person  you  can  change  is  yourself  ...  attempts  to  convert  others  tend  toward 
chaos and away from community. (M. Scott Peck, The Different Drum, Simon & Schuster,
New York, 1987, p. 185.)

Knowledge  Champion 

A  person  who  champions  KM  within  an  organization.  Knowledge  champions  act 
independently  to  instill  the  principles  of  KM,  create  a  knowledge-oriented  culture, 
establish  a  knowledge  infrastructure,  and  promote  the  creation  and  use  of  knowledge 
throughout  the  organization.  Chief  knowledge  officers  (CKOs)  should  certainly  be 
knowledge  champions,  but  they  should  not  be  the  only  ones.  The  Knowledge 
Management  Community  of  Practice,  for  instance,  includes  representatives  from 
numerous  federal  agencies  and  facilities,  many  of  whom  are  knowledge  champions 
within those organizations. It is important for knowledge champions to interact, thus
performing KM in the arena of KM— second-order KM. Chief information officers (CIOs)
are frequently advised to interface with operating executives within their organization in
order to elicit the needs of their departments and employees. By attuning to and
addressing such needs, a CIO can gain important credibility within the organization.
Similarly, CKOs must do the same, converting organizational leaders and executives
into knowledge champions. Stephen Denning's book, The Springboard, describes how he
used  stories  to  sell  KM  to  the  World  Bank.  He  depicts  how  the  president  of  the  bank 
metamorphosed  into  a  knowledge  champion. 

Only an "r" separates "impotence" from "importance"— which r you? (Neal Pollock,
February 22, 1998.)

Knowledge  Community  Leader  (KCL) 

A  person  who  facilitates  communities  of  practice  to  foster  innovation,  improved 
performance,  and  collaboration;  this  requires  facilitation  skills  to  ensure  change  initiatives 
are  supported.  Similar  to  CKOs,  KCLs  are  inherently  knowledge  champions — but  with  a 
specific  function  to  perform  within  the  specific  community.  Nevertheless,  as  knowledge 
champions,  KCLs  can  exert  valuable  influence  beyond  the  domain  of  their  community. 

Wisdom outweighs any wealth. (Sophocles, Antigone, 1.1050 ode III, from Familiar
Quotations  by  John  Bartlett,  Little,  Brown  &  Co.,  Boston,  1968,  p.  82b.) 

Knowledge  Density  (KD) — see  Data  Density  and  Information  Density 

The  percentage  of  knowledge  in  a  verbal  communication  (oral,  written,  or  electronic). 
Human communications may include knowledge, information, and/or data (KID) in
varying  proportions  (each  being  inversely  proportional  to  the  others  since  it  is  a  zero  sum 
game).  Thus,  each  communication  has  a  data  density,  information  density,  and 
knowledge  density  (though  some  may  be  zero  for  a  specific  communication).  They  form  a 
distribution  that  varies  for  each  instance.  Nevertheless,  there  are  trends  peculiar  to 
individuals  (as  well  as  types  of  communications).  Thus,  some  individuals  may  usually 
exhibit  high  or  low  knowledge  densities.  Such  characteristics  reflect  both  nature  and 
nurture,  depending  upon  individual  Myers-Briggs  types,  training,  experience,  etc. 
Mismatches  between  people  oriented  towards  higher  or  lower  KDs  can  result  in 
miscommunications,  boredom,  anger,  confusion,  and  other  dysfunctional  results.  KD  can 
be  modified  by  individuals  who  recognize  the  process  in  which  they  are  engaged  and 
who  take  responsibility  for  managing  this  process.  KD  can  be  a  major  factor  in  time 
management,  and  can  greatly  affect  team  efficacy  and  efficiency  of  operations.  A  useful 
rule  of  thumb  is  to  ask  whether  informational  content  is  necessary  and  sufficient  to  the 
listener  or  audience. 

It  is  generally  the  communicator's  responsibility  to  tailor  the  communication  to  the 
target  audience.  Such  disconnects  can  frequently  be  observed  in  work  groups.  Indeed, 
some  individuals  may  be  avoided  (though  they  may  have  valuable  input  to  contribute) 
due  to  differing  KD.  KD  differs  from  (but  relates  to)  data  rate.  For  example,  the  total  data 
transmitted  is  the  product  of  data  density  and  data  rate  (the  way  they  are  defined  here). 

Of  course,  if  all  that  is  communicated  is  data  (data  density  =  1.0  or  100  percent),  then  the 
data rate implies the total data. Similarly, the total knowledge (or information)
transmitted  would  be  the  knowledge  rate  (basically,  the  data  rate  using  the  broad 
definition  generally  in  use  today  where  data  includes  information  and  knowledge  from  a 
totally  technical  versus  human  perspective)  multiplied  by  the  KD. 

We  do  not  talk— we  bludgeon  one  another  with  facts  and  theories  gleaned  from  cursory 
readings of newspapers, magazines, and digests. (Henry Miller, "The Shadows," The Air-Conditioned
Nightmare, 1945, from The International Thesaurus of Quotations, Rhoda Thomas
Tripp,  Harper  &  Row,  New  York,  1970,  p.  112,  entry  185,  No.  25.) 

Good communication is stimulating as black coffee, and just as hard to sleep after.
(Anne Morrow Lindbergh, "Argonauta," Gift from the Sea, 1919, p. 41, from The International
Thesaurus of Quotations, Rhoda Thomas Tripp, Harper & Row, New York, 1970, p. 93, entry
148, No. 9.)

Knowledge  Elicitation — see  Tacit  Knowledge  Transfer 

1)  The  process  of  interrogating  an  expert  to  elicit  (and  later  codify)  his  or  her  tacit 
knowledge.  The  knowledge  elicited  is  then  incorporated  into  a  knowledge  repository. 

2)  A  technique  used  to  create  a  rule  base  of  an  expert  system. 

I asked you what time it is, and you told me how to build a clock. (Gordon Braudaway,
IBM, quoted by CAPT Gerald Jones, PMA264, NAVAIR, March 11, 1977.)

Knowledge  Hoarding — see  Collaboration 

A resistance to sharing knowledge in an organization or company. This resistance
generally  arises  from  a  belief  that  the  ownership  of  knowledge  constitutes  power.  This 
may  be  based  upon  the  belief  in  supply  and  demand,  whereby  items  in  short  supply  have 
increased  value  (USA).  However,  Alex  Bennet  has  argued  the  opposite  position,  that 
"Knowledge  shared  is  power  squared."  The  basic  difference  lies  in  the  opposing  values  of 
competition  (classical  or  Keynesian  economics)  and  cooperation.  Such  a  set  of 
simultaneously  opposing  principles  tends  to  create  a  normal  distribution  that  has  a  local 
maximum  (or  minimum).  There  should,  therefore,  be  an  optimal  point  to  the  amount  of 
knowledge  shared  versus  unshared.  This  assumes  a  zero  sum  game — in  which  an 
individual,  for  example,  has  a  limited  amount  of  time  available.  Sharing  knowledge  tends 
to  increase  value  for  the  organization,  but  decreases  the  amount  of  time  an  individual  has 
to  perform  other  work.  Thus,  a  happy  medium  is  to  be  sought.  Knowledge  networks  or 
expertise  locator  systems  face  the  same  situation  if  staffed  by  people  for  whom 
supporting  the  system  is  collateral  duty — not  their  main  job.  They  must  balance  the  set  of 
tasks  that  represent  their  jobs  or  positions  within  the  organization.  This  balancing 
problem  is  exacerbated  by  organizations  that  do  not  walk  the  talk  regarding  knowledge 
sharing  and  management. 

The  trouble  with  the  world  is  that  the  stupid  are  cocksure  and  the  intelligent  full  of 
doubt. (Bertrand Russell, Leo Rosten's Carnival of Wit, E. P. Dutton & Co., New York, 1994, p. 250.)




He  that  is  good  for  making  excuses  is  seldom  good  for  anything  else.  (Benjamin 
Franklin,  Leo  Rosten's  Carnival  of  Wit,  E.  P.  Dutton  &  Co.,  New  York,  1994,  p.  340.) 

Knowledge,  Information,  and/or  Data  (KID) 

Also  referred  to  as  DINK.  This  term  emphasizes  the  importance  and  value  of 
knowledge  over  information  or  data.  No  kidding! 

Information  is  only  a  means  of  insight,  and  in  itself  of  little  or  no  value;  that  it  is  his  way 
of  thinking  that  makes  a  man  a  philosopher  ...  With  by  far  the  largest  number  of  learned 
men,  knowledge  is  a  means,  not  an  end.  (Arthur  Schopenhauer,  quoted  by  Ralph  M.  Lewis 
in The Immortalized Words of the Past, Ancient Mystical Order Rosae Crucis, San Jose, CA,
1986,  p.  236.) 

Knowledge  Intermediation 

The  process  of  linking  disparate  knowledge  providers  with  knowledge  users,  both 
inside  and  outside  of  the  organization.  Knowledge  intermediaries  can  help  users  assess 
and  clarify  their  knowledge  needs,  proactively  capture  and  disseminate  knowledge,  and 
maintain  the  accuracy  and  relevance  of  the  knowledge  base.  Knowledge  intermediation  is 
a  crucial  and  desired  capability  of  all  knowledge  workers  in  the  development  of  an 
effective  knowledge-centric  organization.  In  the  oil  drilling  industry,  for  instance,  it  cost 
$30,000  per  day  for  a  drilling  team  to  await  the  answer  to  a  drilling  problem  from 
headquarters.  One  company's  response  was  to  set  up  a  communications  link  to  a 
knowledge  intermediator  who  would  determine  the  nature  of  the  problem  and  refer  it  to 
the  appropriate  expert  within  the  company.  These  experts  were  networked,  preassigned, 
and  briefed  so  that  they  provided  high  priority  to  such  requests.  After  implementation  of 
this  system,  the  response  times  were  reduced  from  a  range  of  three  days  to  three  weeks 
prior  to  implementation  down  to  an  average  of  three  hours.  This  saved  the  company 
millions  of  dollars.  Knowledge  managers,  workers,  and  brokers  perform  knowledge 
intermediation  functions. 


Bodily  exercise,  when  compulsory,  does  no  harm  to  the  body;  but  knowledge  which  is 
acquired  under  compulsion  obtains  no  hold  on  the  mind.  (Plato,  The  Republic,  536-E  from 
Familiar  Quotations  by  John  Bartlett,  Little,  Brown  &  Co.,  Boston,  1968,  p.  94b.) 

Knowledge  Inventory 

The  systemic  identification  of  an  organization's  knowledge.  Since  such  knowledge  is 
often  tacit,  the  inventory  may  often  be  "pointers  to  people"  rather  than  knowledge  itself. 
A  knowledge  network  is  a  system  designed  to  tap  the  living  component  of  this 
knowledge  inventory  in  a  near  real  time  way.  A  knowledge  repository  provides  a  means 
for  capturing  explicit  (and  sometimes  tacit)  knowledge  for  non  real  time  access. 

Learning  is  finding  out  what  you  already  know.  (Defense  Systems  Management 
College,  Manufacturing  Management  Department  Quote  of  the  Day  No.  4.) 

Knowledge  Management  (KM) 

1)  The  management  of  knowledge — applying  the  principles  of  management  to  the 
generation,  codification,  storage,  distribution,  and  re-use  of  knowledge.  KM  attempts  to 
make conscious the processes that humans have been employing since the primeval
French  cave  walls  were  drawn  upon  with  petroglyphs  and  pictographs,  and  to  update 
those  processes  with  modern  technology  and  psychology.  People  generally  learn 
consciously  and  explicitly,  either  through  personal  experience  (the  hard  way  or  School  of 
Hard  Knocks)  or  from  other  people  (the  easy  way  through  training,  mentoring, 
apprenticing,  reading,  etc.).  KM  attempts  to  build  upon  the  former  to  enhance  the  latter, 
so  as  to  create  a  more  cost-effective  knowledge  organization.  In  parallel,  unconscious, 
tacit  knowledge  is  generally  learned  personally  (through  intuition,  hunches,  attunements) 
or  collectively  (through  one's  culture,  rituals,  ceremonies,  and  shared  experiences  of  a 
less-defined  nature).  KM  also  attempts  to  delve  into  tacit  knowledge  through  stories, 
interviews,  conversations,  and  other  informal  means. 

2)  The  process  for  effectively  applying  intellectual  capital  (human,  social,  and 
organizational)  to  enable  faster,  better  organizational  decisions.  The  means  used  can  be 
nonreal  time,  near-real  time,  or  real-time,  depending  on  need.  Tools,  such  as  decision 
support  systems,  can  provide  content  to  decision  makers  faster  and  more  coherently  but 
cannot  actually  effect  decision  making  by  themselves.  According  to  Thomas  Davenport 
and  Lawrence  Prusak,  in  Working  Knowledge,  the  original  intention  of  using  expert 
systems  to  replace  human  thought  and  decisions  has  itself  been  replaced  by  the  use  of 
such  tools  as  case-based  reasoning  to  augment  and  facilitate  human  decision  making. 

KM  can  be  viewed  as  an  interface  or  cusp  between  human  psychology  and  process 
and  (information)  technology,  though  it  has  been  characterized  as  two-thirds  human  and 
one-third  technology  (at  most).  As  Gerry  Gingrich  (IRMC)  wrote  (quoting  Pascal),  "The 
Heart  has  its  Reasons  that  Reason  does  not  Know"  (Journal  of  End  User  Computing,  Vol.  7, 
No.  1,  Winter  1995)  and  Arno  Penzias  wrote  "Computers  manipulate  symbols  and 
numbers;  only  humans  use  experience  to  connect  them  to  meaning"  (Ideas  and  Information, 
Simon & Schuster, New York, 1989) (IRMC Leadership for the 21st Century Course). For
employing KM in acquisition and program management, see
http://www.dau.mil/pubs/arq/arq2002.asp#Winter; http://www.dsmc.dsm.mil/pubs/pdf/pmpdf01/so-pol.pdf
for answers to FAQs.

IT/KM/eC tools: http://www.microsoft.com/indonesia/enterprise/km.asp
Interdepartmental KM forum (Canada): http://groups.yahoo.com/group/ikmf figs
Customer Knowledge Management: http://www.destinationcrm.com/articles/default.asp?ArticleID=2295&KeyWords=:=Knowledge++AND+Management.

Academic Centers
California Management Review: http://www.haas.berkeley.edu/News/cmr/index.html
Carnegie Bosch Institute: http://cbi.gsia.cmu.edu/
Knowledge Ecology Certificate Program-George Mason University: http://www.knowing.org/ke/index.html
KM The George Washington University: http://www.km.gwu.edu/
KM University of Texas at Austin: http://www.bus.utexas.edu/kman/
University of Texas Case Study: Teltech: http://www.bus.utexas.edu/kman/telcase.htm
KM Exchange University of Kentucky: http://www.uky.edu/BusinessEconomics/dssakba/kmexch.htm
Public Library Stanford University: http://www.ksl.stanford.edu/knowledge-sharing/README.html
University of Albany: http://www.albany.edu/faculty/pml 57/teaching/topics/orglearn.html#organizations
http://www.scd.ucar.edu/info/KDl/KDlworkshop.html
National Defense University: http://www.nduknowledge.net.

KM News and Publications
Charting a KM Course: http://www.computerworld.com/cwi/story/0.1199.NAV47 ST048722.00.html
Knowledge versus information: http://ericacve.org/docs/mr00Q09.htm
KM World: http://www.kmworld.com
KM Consortium International: http://www.kmci.org/
KM Magazine: http://www.destinationcrm.com/km/dcrm km article.asp?id=907
KM News: http://www.kmnews.com.


KM Related Portals

Buckman Laboratories Website for KM: http://www.knowledge-nurture.com/
Collaborative Strategies: http://www.collaborate.com/
KMTool: http://www.kmtool.net/index.htm
Knowledge Markets Meta Portal Kaieteur Institute for KM: http://www.kikm.org/portal/index.htm
The KM Resource Center: http://www.kmresource.com/
Level Best Consulting: http://www.levelbest.net/
Content Management: http://www.psgroup.com
Teleos Knowledge Business: http://www.knowledgebusiness.com
Sopheon (formerly Teltech): http://www.sopheon.com/
http://www.cio.com/archive/rc mdium.htm

KM Research Centers, Institutes, and Forums

American and International Standards Development: http://www.kmstandards.org/
American Productivity and Quality Center (APQC): http://www.apqc.org/km/eKnowledgeCenter.com
http://www.eknowledgecenter.com/index.shtml
CIO Magazine's KM Research Center: http://www.cio.com/forums/knowledge/
Gartner Group: http://www.gartner.com
Global Business Network: http://www.gbn.org/
Global Knowledge Economics Council (GKEC): http://www.gkec.org
Institute for KM IBM: http://ikm.ihost.com
The Information Economy: http://www.sims.berkeley.edu/resources/infoecon/
The Kaieteur Institute for KM: http://www.kikm.org/
Knowledge Markets Meta Portal: http://www.kikm.org/portal/index.htm
Knowledge Markets Meta Portal Resources: http://www.kikm.org/portal/resources.htm
e-Knowledge Markets Meta Portal: http://www.kikm.org/portal/page2.htm
e-Knowledge Markets Meta Portal Abstracts: http://www.kikm.org/portal/page22.htm
KM Forum: http://www.km-forum.org
Knowledge Associates International: http://www.knowledgeassociates.com/.
Knowledge Connections David Skyrme Associates: http://www.skyrme.com/
Knowledge Garden: http://www.co-i-l.com/coil/knowledge-garden/index.shtml
Knowledge Inc.: http://www.knowledgeinc.com/
Knowledge and Innovation Management Professional Society (KIMPS), nonprofit
international organization for development of communities of practice and interest:
http://www.ckimps.org/
Knowledge Management Certification Board (KMCB): http://www.kmcertification.org/
The KM Consortium International: http://www.kmci.org/
KM Professional Organization (KMpro): http://www.kmpro.org at
support@kmpro.org — KM certifications
KM Review Melcrum Online: http://www.melcrum.com/
KM Virtual Library Community Forums, Articles, Magazines, Events, Resources,
Analyses and News: http://www.brint.com/km
Knowledge Research Institute: http://www.knowledgeresearch.com
Knowledge Science and Technology Institute: http://www.kmuniversity.org/
The Mitre Advanced Technology Newsletter: http://www.mitre.org/pubs/edge/april 00
NetAcademy on Knowledge Media: http://www.knowledgemedia.org/
Sveiby KM: http://www.sveiby.com.au

The Technology Cooperation Program (international): http://www.dtic.mil/ttcp/.

Tools for KM

Business Transformation Book Cafe: http://www.vision-nest.com/btbc/
Center for Business Knowledge Ernst & Young:
http://www.ey.com/global/gcr.nsf/US/Overview - Center for Business Knowledge - US - Ernst & Young LLP
The Change Project: http://www.well.com/user/bbear/index.html
Delphi Group: http://www.delphigroup.com/splash.html
EKnowledgeCenter (certification programs, expert networks, knowledge resources,
and electronic publishing services): http://www.eKnowledgeCenter.com
Enlisting Management Support for Change: Storytelling as a Springboard Steve
Denning: http://www.stevedenning.com/
Executive Resource on Knowledge, Technology and Performance Knowledge Inc.:
http://www.webcom.com/quantera/welcome.html
Federal CIO Council's KM (USA Knowledge): http://www.km.gov/
Integrated Diagnostic System (IDS)—Overview: http://ai.iit.nrc.ca/IR public/ids/
KM Vocabulary—A basic list of generic KM vocabulary:
http://www.geocities.com/ResearchTriangle/Campus/415n/kmvocab.htm
Knowledge Communities International: http://www.kcindex.com/
KM in the DON CIO: http://www.don-imit.navy.mil/interestareas.asp
A Strategy Guide to KM: http://www.harvardcomputing.com/Knowledge/knowledge.html
Some Principles of KM: http://www.strategy-business.com/search/archives/?textfield=%22Some+Principles+of+Knowledge+Management%22&keywd=any&issue after=&issue before=&x=58&y=6.

Truths  cannot  be  taken  on  trust.  They  need  to  be  continually  rediscovered  and  formed 
afresh  if  they  are  to  retain  their  spiritual  content,  their  life  and  nutritive  value.  It  is  a  law  of 
spiritual  growth  that  the  same  truths  must  be  continually  experienced  and  thought  through 
in new forms. (Lama Govinda, A Living Buddhism for the West, Shambhala, Boston, 1990, p. 36.)

Knowledge  Management  Taxonomy — see  Taxonomy 

A  taxonomy  is  a  structured  set  of  names  and  descriptions  used  to  organize  sources  in 
a  consistent  way.  A  typical  taxonomy  uses  a  logical  arrangement  but  doesn't  account  for 
users' particular decision-making and action-taking needs. A KM taxonomy focuses on
enabling  efficient  and  interoperable  retrieval  and  sharing  of  data,  information,  and 
knowledge  across  the  enterprise  by  building  in  natural  workflow  and  knowledge  needs 
in an intuitive structure (Technology Intelligence International, Burke, VA, 703-764-1903,
tg.chi2@techi2.com - http://www.techi2.com in the KM taxonomy draft brochure).

There  are  four  types  of  men  in  the  world: 

The  man  who  knows  and  knows  that  he  knows;  he  is  wise,  so  consult  him. 

The  man  who  knows,  but  doesn't  know  that  he  knows;  help  him  not  forget  what  he 
knows. 

The  man  who  knows  not  and  knows  that  he  knows  not;  teach  him. 

Finally,  there  is  the  man  who  knows  not  but  pretends  that  he  knows;  he  is  a  fool,  so 
avoid  him. 

(Ibn  Gabirol,  Leo  Rosten's  Carnival  of  Wit,  E.  P.  Dutton  &  Co.,  New  York,  1994,  p.  188.) 

Knowledge  Map — see  Information  Map  and  Expertise  Locator 

A  knowledge  map  is  a  method  of  (tool  for)  locating  knowledge  within  an 
organization.  It  is  similar  to  an  information  map  except  that  it  addresses  knowledge  vice 
information.  Thus,  it  can  be  a  pictorial  (or  other  type)  representation  of  a  knowledge 
network.  The  sources  and  repositories  of  knowledge  can  be  quite  different  than  those  for 
information  or  data.  Authoritative  data  sources,  for  instance,  do  not  generally  provide 
knowledge.  Presently,  only  people  are  capable  of  converting  information  into  knowledge, 
though  various  tools  can  assist  in  this  process.  Thus,  a  knowledge  map  will  point  to 
people  or  to  knowledge  that  has  been  created  by  people.  Since  knowledge  is  time-limited 
(decays  over  time)  as  do  data  and  information,  people  tend  to  be  the  primary  source — 
unless  a  knowledge  base  is  maintained  on  a  frequent  basis.  Similarly,  considering  rapid 
turnover  in  personnel  as  well  as  in  knowledge,  a  knowledge  map  must  be  maintained 
regularly and systematically to remain of value to the organization. Cutting-edge
knowledge  can  be  explosive,  but  it  can  also  have  a  short  half-life. 

In  addition  to  cataloging  organizational  knowledge,  knowledge  maps  can  be  used  to 
track  sources  of  knowledge  within  the  organization  (Andrew  Gold,  "Knowledge 
Management:  An  Organizational  Capabilities  Perspective,"  The  Journal  of  Management 
Information  Systems,  Summer,  2001,  pp.  48-58).  Knowledge  maps  have  been  defined  as  the 
"visual  display  of  captured  information  and  relationships  that  enable  the  communication 
and  learning  of  knowledge  by  observers  with  differing  backgrounds  at  multiple  levels  of 
detail. The individual items of intellectual capital included in such a map can be text,
stories, graphics, models, or numbers. Maps can also serve as links to more detailed
knowledge sources, as well as pointers to implicit knowledge such as experts." (Knowledge
Management: The Catalyst for Electronic Government, Raymond Barquin and Alex Bennet,
Eds., Management Concepts, Vienna, VA, 2001 [USA]).

I am not young enough to know everything. (James M. Barrie, in 3,500 Good Quotes for
Speakers,  Gerald  F.  Lieberman,  Ed.,  Doubleday,  Garden  City,  NY,  1983,  p.  284.) 

Knowledge Network

International KM Network: http://kmn.cibit.nl/ab/siteEngels.nsf

A  knowledge  network  is  a  network  or  assembly  of  interconnected  nodes  arranged 
coherently  to  facilitate  knowledge  flow.  It  addresses  a  predefined  domain  or  set  of 
domains.  The  nodes  are  generally  practitioners  in  that  domain.  For  example,  the  Naval 
Facilities Engineering Command (NAVFAC) created a cadre of technical discipline
leaders  (TDLs)  for  each  of  its  approximately  30  technical  disciplines.  These  people  became 
the  primary  nodes  in  their  knowledge  network.  Each  TDL,  however,  is  supported  by  a 
community  of  practice  within  his  or  her  technical  discipline.  These  practitioners  became 
secondary  nodes  within  the  network.  Questions,  problems,  challenges,  opportunities,  etc., 
can  readily  be  shared  with  appropriate  personnel  within  the  knowledge  network.  As 
described,  a  knowledge  network  is  inherently  synergistic  with  communities  of  practice. 
Indeed, the set of TDLs formed a cross-discipline overarching community of practice for
building  facilities.  Such  a  group  can  then  address  interface,  interoperability,  and 
integration  type  issues  from  an  interdisciplinary  perspective.  Of  course,  outputs  can  also 
be  captured  for  a  knowledge  repository. 

Speak to everyone in accordance with the degree of his understanding. (The prophet
Mohammed, quoted by Idries Shah, Tales of the Dervishes, E. P. Dutton & Co., New York,
1970, p. 38.)

Knowledge  Portals — see  Web  Sites 

Web  sites  that  integrate  the  most  relevant  information  into  a  single  point  of  access, 
helping  employees  to  easily  find  answers  and  share  knowledge  with  each  other  and  with 
customers  and  other  stakeholders.  Portals  allow  such  knowledge  to  be  located, 
catalogued,  transferred,  and  maintained  for  re-use  by  employing  technology  to  enable 
sharing,  storage  and  retrieval  (USA). 

The wisdom of the wise and the experience of the ages are perpetuated by quotation.
(Benjamin Disraeli, in 3,500 Good Quotes for Speakers, Gerald F. Lieberman, Ed., Doubleday,
Garden City, NY, 1983, p. 197.)

Knowledge  Repositories 

Collections  of  knowledge  "nuggets,"  considered  as  best  practices  and  lessons  learned 
(reviewed  for  quality  and  validity)  and  organized  for  easy  access  by  users.  They  are 
usually  collected  within  a  specified  domain.  The  Space  and  Naval  Warfare  Command 
Systems  Center  Charleston  (SSC-CH),  for  instance,  concerned  about  the  "brain  drain"  in 
the  area  of  business  development,  conducted  videotaped  interviews  with  knowledgeable 
personnel.  The  tapes  were  edited  to  create  a  set  of  short,  pithy  knowledge  nuggets  of  only 
a  few  minutes  length,  suitable  for  indexing  and  quick  viewing  by  other  employees. 

The world is huge and there is not one theory only to explain everything. (C. G. Jung,
Analytical Psychology, Its Theory and Practice, Pantheon Books (Random House), New York,
1968, p. 143.)

Knowledge  Spirals 

Explicit  elements  are  objective,  rational,  and  created  in  the  "then  and  there,"  while  the 
tacit  elements  are  subjective,  experiential,  and  created  in  the  "here  and  now."  Ikujiro 
Nonaka  and  Hirotaka  Takeuchi  use  this  distinction  to  explain  how  an  interaction  between 
the two categories forms a knowledge spiral: explicit knowledge is shared through a
combination process and becomes tacit through internalization; tacit knowledge is shared
through a socialization process and becomes explicit through externalization. (See
Dorothy Leonard and Sylvia Sensiper, "The Role of Tacit Knowledge in Group
Innovation," California Management Review, Berkeley, CA, Spring 1998, Vol. 40, Issue 3, pp.
112-132.)


Know-how  embraces  the  ability  to  put  know-what  into  practice.  It  is  a  disposition, 
brought  out  in  practice.  Thus,  know-how  is  critical  in  making  knowledge  actionable  and 
operational.  A  valuable  manager,  for  example,  is  not  simply  one  who  knows  in  the  abstract 
how  to  act  in  certain  circumstances,  but  who  in  practice  can  recognize  the  circumstances 
and  acts  appropriately  when  they  come  along.  That  disposition  only  reveals  itself  when 
those  circumstances  occur.  Such  dispositional  knowledge  is  not  only  revealed  in  practice.  It 
is  also  created  out  of  practice.  That  is,  know-how  is  to  a  great  extent  the  product  of 
experience and the tacit insights experience provides. (John Seely Brown and Paul Duguid,
"Organizing Knowledge," California Management Review, Berkeley, CA, Spring 1998, Vol. 40,
Issue 3, pp. 90-111.)

Knowledge  Superiority  (KS) 

Knowledge  superiority  means  creating,  obtaining,  and  utilizing  knowledge  better 
than  one's  adversary.  Joint  Vision  2020  (JV  2020)  states  that,  "the  joint  force  of  2020  will  use 
superior  information  and  knowledge  to  achieve  decision  superiority,  to  support  advanced 
command  and  control  capabilities,  and  to  reach  the  full  potential  of  dominant  maneuver, 
full  dimensional  protection,  and  focused  logistics.  This  set  of  objectives  is  referred  to  as 
full  spectrum  dominance."  Furthermore,  it  states  that  "Information  superiority  provides 
the  joint  force  a  competitive  advantage  only  when  it  is  effectively  translated  into  superior 
knowledge  and  decisions.  The  joint  force  must  be  able  to  take  advantage  of  superior 
information converted to superior knowledge to achieve 'decision superiority' — better
decisions arrived at and implemented faster than an opponent can react, or in a
noncombat situation, at a tempo that allows the force to shape the situation or react to
changes and accomplish its mission." See http://www.defenselink.mil/pubs for the
National  Security  Strategy  (NSS),  Quadrennial  Defense  Review  (QDR),  JV  2010,  etc.  (IRMC 
Measuring  Results  of  Organizational  Performance  Course). 

If it's stupid but it works, it's not stupid. (J. Dunnigan, How to Make War: A
Comprehensive Guide to Modern Warfare, 3rd ed., Quill, Morrow, NY, 1993.)

Knowledge  Transfer — see  Tacit  Knowledge  Transfer 

You  may  be  disappointed  if  you  fail,  but  you  are  doomed  if  you  don't  try.  (Beverly  Sills, 
quoted  by  Noah  ben  Shea  in  Great  Jewish  Quotes,  Ballantine,  New  York,  1993.) 

Knowledge  Tree — see  Knowledge  Map 

A  hierarchical  classification  scheme  that  allows  workers  to  "drill-down"  to  the  most 
specific knowledge concept related to a topic and/or issue. The "drill down" approach
allows  knowledge  workers  to  see  all  the  topics  related  to  a  stated  issue  or  concept.  An 
embedded  knowledge  tree  allows  "analysis  and  summaries  to  be  constructed  for  use  as 
source  material  by  others  in  the  organization"  (Alfredo  Babiera,  "Knowledge 
Management  and  the  EBRD:  Designing  a  Knowledge  Management  Programme  for  the 
Office of the Chief Economist," Aslib Proceedings, Vol. 51, No. 7, July/August 1999 [USA]).
A  knowledge  tree  resembles  a  decision  tree  or  fishbone  diagram  in  which  the  trunk  is  at 
the  highest  level  of  abstraction  (lowest  level  of  detail)  but  branches  off  into  lower  and 
lower  levels  of  abstraction.  It  can  be  used  similarly  to  a  work  breakdown  structure  or 
outline  or  organizational  wiring  diagram  to  follow  a  path  to  the  knowledge  (in  this  case) 
being  sought.  At  each  branching  a  decision  must  be  reached  as  to  which  fork  to  follow. 

What a laugh, though. To think that one human being could ever really know another.
You could get used to each other, get so habituated that you could speak their words right
along  with  them,  but  you  never  knew  why  other  people  said  what  they  said  or  did  what 
they  did,  because  they  never  even  knew  themselves.  Nobody  understands  anybody.  (Orson 
Scott  Card,  Shadow  of  the  Hegemon,  Tom  Doherty  Associates,  New  York,  2000,  p.  58.) 


Knowledge  Worker 

Someone  who  primarily  focuses  on  the  generation,  processing,  storage,  and  use  of 
knowledge.  In  the  evolving  service  economy  in  the  United  States,  knowledge  workers  are 
becoming  more  prevalent  over  time.  "White  collar"  workers  are  undergoing 
metamorphosis  into  knowledge  workers  as  their  data  and  information  management 
activities  are  becoming  more  automated  through  institutionalization  of  IT.  Advances  in 
artificial  intelligence  may  hasten  this  transition.  Unlike  data  or  information  workers, 
knowledge  workers  create  and  utilize  the  meaning  and  context  inherent  in  knowledge.  As 
workers  acclimate  to  a  knowledge  economy,  the  possibilities  for  knowledge  flow 
expand  so  that  the  two  meanings  for  flow  can  coalesce. 

It takes about 20 years for the ordinary run of people to begin thinking the thoughts of
the educated person of today. (C. G. Jung, Psychology and Religion: West and East, CW11,
Pantheon Books, New York, 1958, pp. 333-334.)

Lagging Indicators — see Leading Indicators

Measures  of  performance  that  represent  the  ultimate,  long-term  effects  of  an 
organizational  intervention  (IRMC  Measuring  Results  of  Organizational  Performance 
Course).  The  indicators  lag  behind  (in  time)  the  intervention.  Thus,  the  value  of  the 
intervention  can  only  be  evaluated  after  the  fact  using  lagging  indicators. 

How  does  a  project  get  to  be  a  year  late?  One  day  at  a  time.  (Fred  P.  Brooks,  The 
Mythical  Man-Month,  Addison-Wesley,  Reading,  MA,  1975,  p.  153.) 

Last  Mile 

The  connection  between  the  customer  and  the  telephone,  cable  company,  or  Internet 
service  provider.  The  last  mile  has  traditionally  used  copper-based  telephone  wire  or 
coaxial  cable,  but  wireless  technologies  offer  alternative  options  for  increased  bandwidth 
in  some  locations.  The  last  mile  provides  less  security  when  utilizing  virtual  private 
networks.  Unless  the  sender  and  receiver  encode  the  data  or  information,  it  is  relatively 
unprotected  over  the  last  mile. 

Life  is  a  suicide  mission.  (Orson  Scott  Card,  Children  of  the  Mind,  Tom  Doherty  Books, 
New  York,  1996,  pp.  128,  146.) 


Leadership 

One  of  the  10  federal  CIO  competencies,  specified  by  the  Federal  CIO  Council 
Executive  Board,  included  in  the  IRMC's  curriculum  for  the  CIO  certificate.  Leadership  is 
intimately  tied  to  change.  Charles  Fishman,  in  Change,  says  "After  10  years  on  the  job  you 
don't  have  10  years  of  experience — you've  got  1  year  of  experience  repeated  10  times." 
http://www.fastcompany.com/online/08/change.html 

See  Sharon  Caudle's  Reengineering  for  Results:  Keys  to  Success  from  Government 
Experience  http://www.c3i.osd.mil/bpr/bprcd/3002sl.htm  (IRMC  New  World  of  the 
CIO  Course),  Thomas  Kuhn's  The  Structure  of  Scientific  Revolutions,  Peter  Senge's  The  Fifth 
Discipline,  and  Price  Pritchett's  High  Velocity  Culture  Change.  Change  is  primarily  a 
psychological  process  in  today's  organizations;  for  instance,  KM  is  considered  to  be  at 
least  two-thirds  people  and  at  most  one-third  technology.  Leadership  is  quite  different 
from  management.  As  Peter  Drucker  pointed  out,  there  is  a  difference  between  "doing  the 
right  things  and  doing  things  right."  Craig  Hickman  in  Mind  of  a  Manager,  Soul  of  a  Leader 
elaborates  beautifully  on  the  differences  between  the  two  approaches. 

A  Model  of  the  Varied  Factors  Differentiating  Management  and  Leadership 

Leadership  I  Do  the  I  Intuitive  I  Vision  I  Theory  Rational  Effectiveness  Outcomes  Non- 

In  his  many  books  (e.g.,  Executive  Leadership  and  Requisite  Organization),  Elliott  Jaques 
elucidates  the  time  span  or  time  horizon  differences  between  leadership  (higher  level, 
longer  term  view)  and  management  (lower  level,  shorter  term  view);  see 
http: /  / www.dau.mil  /pubs /  irq  /20Q0arq  /poHork  pd  (  It  is  also  interesting  to  contrast  the 
approaches  of  warfare:  attrition  (von  Clausewitz)  and  relational-maneuver  (Sun  Tzu)  as 
well  as  the  past  driving  the  present  (Freud)  versus  the  future  drawing  the  present  (Jung). 
John  Kotter  asks,  in  Leading  Change  (Harvard  Business  Review  Press,  1996),  "Why  would 
an  intelligent  person  rely  too  much  on  simple  linear,  analytical  processes?  Answer: 
Because  he  or  she  has  been  taught  to  manage,  but  not  to  lead."  James  O'Toole  (in  a  book 
with  the  same  name,  Leading  Change,  Jossey-Bass,  1995),  in  describing  the  "Rushmoreans," 
stated  that  "Those  who  do  not  respect  and  trust  their  followers  cannot  lead  them. 
Conversely,  those  who  succeed  at  bringing  about  effective  and  moral  change  believe  in 
and  act  on  the  inherent  dignity  of  those  they  lead"  (IRMC  Leadership  for  the  21st  Century 
Course).  For  a  somewhat  contrarian  view,  see  "The  Long  View  of  Leadership"  by 
Alexander  Ross  in  Canadian  Business  (May  1992). 

History  shows  that  most  men  who  become  great  leaders  had  been  incompetent 

^  P^cscr/phott,  William  Morrow  &  Co.,  New  York, 

I  learned  from  history  that  a  leader  is  a  man  who  has  the  ability  to  make  other  people 
do  what  they  don't  want  to  do,  and  like  it.  (Harry  S.  Truman,  Year  of  Decisions,  Doubleday, 
1955,  quoted  by  Jacob  Braude  in  New  Treasury  of  Stories  for  Every  Speaking  and  Writing 
Occasion,  Prentice  Hall  Inc.,  Englewood  Cliffs,  NJ,  June  1961,  p.  210.) 

Leading  Indicators— see  Lagging  Indicators 

Measures  of  performance  that  tend  to  show  up  early  after  an  organizational 
intervention  is  introduced  or  which  have  been  shown  to  predict  a  longer-term  effect 
(IRMC  Measuring  Results  of  Organizational  Performance  Course).  We  need  to 
appropriately  value  new  technologies  and  developments  rather  than  overvalue  present 
ones. 


Hammer  and  Champy  allude  to  the  famous  story  in  which  IBM  failed  to  buy  Xerox 
when  ADL  [Arthur  D.  Little,  Co.]  costed  carbon  paper  usage.  They  also  mention:  Inductive 
technology  for  new  uses).  Say's  Law  (supply  creates  its  own  demand), 
and  The  Wayne  Gretzky  School  of  Technology  ("Go  where  the  puck  is  going  to  be,  not 
where  it  is.")  They  state  that  "People  do  not  know  they  want  something  until  they  see  that 
they  can  have  it;  then  they  feel  they  can't  live  without  it,"  recommend  that  you  go  outside 
your  frame  of  reference  [outside  the  dots],  and  that  "Market  research  done  for  a  product 
that  does  not  yet  exist  is  useless."  (Michael  Hammer  and  James  Champy,  Reengineering  the 
Corporation,  Harper  Business,  New  York,  1993,  pp.  85-100.) 


Learning  Organization  (LO)— see  Change  Management  and  Organizational  Learning 

An  organization  committed  to  continuous  learning,  both  for  individuals  (in  their 
personal  development)  and  for  the  organization  as  a  whole.  The  DON  Continuous 
Learning  Guidance  was  issued  on  July  11,  2000,  by  a  DON  CIO  memorandum  (adapted 
from  Glossary  of  IM/IT  &  KM  Terms).  "A  place  where  people  are  continually  discovering 
how  they  create  their  reality.  And  how  they  can  change  it ...  an  organization  that  is 
continually  expanding  its  capacity  to  create  its  future  . . .  the  process  whereby 
management  teams  change  their  shared  mental  models  of  the  company,  their  markets, 
and  their  competitors.  For  this  reason,  we  think  of  planning  as  learning  and  corporate 
planning  as  institutional  learning"  (de  Geus,  "Planning  as  Learning,"  Harvard  Business 
Review,  1988,  vol.  66,  No.  2). 

Organizational  learning  occurs  when  people  share  ideas,  reflect  jointly  on  emerging 
patterns  and  insights,  build  common  theory  and  plan  together.  The  result  of  learning  is 
consistent  patterns  of  institutional  action.  Institutional  action  is  the  result  of  a  coherent  set 
of  individual  actions  that  are  supported  by  a  critical  mass  of  opinion  within  the 
organization.  It  is  difficult  to  maintain  a  learning  organization  because  it  takes  much  time 
and  resources,  implies  that  members  don't  know  things,  implies  that  past  methods  are  no 
longer  valid,  means  bending  the  rules  and  changing  how  people  act  and  do  business,  and 
requires  incentives  and  rewards  to  encourage  risk-taking.  Organizational  learning 
involves  surfacing,  testing,  and  changing  mental  models,  making  tacit  knowledge  explicit, 
and  developing  a  culture-language-conversation  of  learning  that  pervades  an 
organization  (IRMC  Leadership  for  the  21st  Century  Course).  This  is  not  an  entirely 
conscious  process,  but  it  requires  considerable  conscious  commitment  to  succeed. 

In  accordance  with  the  principles  of  change  management,  people's  capacity  or 
inclination  to  change  varies  throughout  the  organization  and  over  time.  Since  the  LO 
paradigm  requires  individuals  to  examine  and  challenge  long-held  belief  systems,  it  is  not 
easy  to  implement.  The  idea  of  an  LO  is  of  course  conceptual,  since  organizations  are 
mental  constructs  and  have  no  inherent  reality.  Rather,  it  refers  to  a  systems  thinking 
approach  to  learning  within  an  organization — addressing  interpersonal  interactions  and 
learning  and  development.  Its  spread  throughout  an  organization  resembles  that  of 
genetic  algorithms  so  that,  if  such  behaviors  as  typify  LO  become  socially  acceptable 
(especially  if  they  become  socially  desirable),  they  can  pervade  the  organization  as  a 
naturally  occurring  phenomenon — virtually  self-replicating.  The  key  is  to  reach  an 
acceptable  critical  mass  for  the  process  to  become  self-sustaining.  Nevertheless,  as 
American  philosopher  Eric  Hoffer  stated,  "In  times  of  change,  learners  inherit  the  earth" 
(IRMC  Leadership  for  the  21st  Century  Course). 

Learning  is  not  merely  the  memorizing  of  isolated  facts  but  rather  a  perennial  search  for 
values  relevant  to  the  learner's  existence.  (Longchenpa  [Klong-chen  rab-'byams-pa],  Kindly 
Bent  to  Ease  Us,  Part  I:  Mind  from  The  Trilogy  of  Finding  Comfort  and  Ease  [Ngal-gso  skor- 
gsum],  translated  by  Herbert  V.  Guenther,  Dharma  Publications,  Emeryville,  CA,  1975,  p. 
72.) 

Learning  Organizations  Archive  Innovation  Associates:  http://world.std.com/~lo. 

Legacy  System— see  Business  Process  Reengineering 

A  system  or  application  in  which  an  organization  has  already  invested  considerable 
time  and  money.  For  instance,  a  legacy  system  could  be  a  database  management  system 
(DBMS)  running  on  a  mainframe  or  on  minicomputers.  An  important  feature  of  new 
software  products  is  their  ability  to  effectively  interoperate  with  or  at  least  interface  with 
existing  legacy  systems.  Legacy  systems  may  be  candidates  for  phase-out,  upgrade,  or 
replacement.  The  prevalence  of  large  numbers  of  legacy  systems  with  much  functional 
overlap  greatly  increases  software  maintenance  costs  and  reduces  government  efficiency. 
Cash-flow  considerations,  requirements  differences  (especially  in  trying  to  convert  to  joint 
or  common  systems),  and  continuing  need  for  extant,  large  databases  make  conversion 
and  upgrade  difficult.  However,  new  paradigms  and  overarching  policy  changes  can 
force  the  issue.  Thus,  Task  Force  Web  has  been  empowered  to  webify  the  Navy  and  the 
program  executive  officer  for  IT  (PEO-IT)  must  manage  applications  for  the 
Navy/Marine  Corps  Intranet.  Such  efforts  necessitate  a  legacy  systems  audit  to  determine 
which  must  be  retained,  which  may  be  eliminated,  which  might  be  modified  or 
consolidated.  Sometimes  a  legacy  system  may  be  virtually  integrated  into  a  resulting 
larger  system  using  special  middleware  products,  tailoring,  and  new  coding  (cf.  virtual 
integration).  See  Norman  Schneidewind's  "How  to  Evaluate  Legacy  System 
Maintenance"  (IEEE  Software,  July/August,  1998).  Legacy  systems  are  often  identified 
with  "stovepipes"  since  the  majority  were  created  prior  to  present  trends  towards 
interoperability  and  open  systems.  Furthermore,  organizational  hierarchies  and 
evaluation  methodologies  tended  to  enforce  system  independence. 

We  killed  the  Indians  for  being  on  our  land  before  we  got  there.  (Maverick,  the  movie.) 

Level  of  Abstraction  (LoA)— see  Vision/Mental  Models,  Systems  Thinking,  and 
Activation  Theory 

f  of  detail,  LoA  refers  to  the  breadth  of  view  versus  the  depth  (level 

of  detail  or  LoD).  It  is  sometimes  referred  to  as  the  50,000-foot  level  (with  the  lower  levels  of 
abstraction  at  lower  elevations).  A  LoA  is  equivalent  to  a  higher  LoD.  It  has  also  been 
referred  to  as  the  "helicopter  principle"  since  the  LoA  rises  (and  LoD  decreases)  as  a 
helicopter  rises  into  the  sky.  It  is  well  depicted  in  the  award-winning  short  movie 
Powers  of  10,  which  is  shown  in  its  own  small  theater  in  the  National  Air  and  Space 
Museum  in  Washington,  DC.  The  camera  initially  shows  a  couple  on  a  beach  on  Lake 
Michigan  then  rises  at  a  steady  rate  of  increasing  abstraction  (a  power  of  10  increase  over 
time)  into  the  far-flung  universe.  Then  it  returns  back  down  but  continues  past  the  initial 
view  and  into  the  skin  of  a  person,  into  the  microscopic  world  and  beyond.  Elliott  Jaques 
extends  LoAs  to  work  experiences,  extrapolating  that  individuals  have  appropriate  levels 
of  work  and  that  there  are  negative  effects  if  they  cannot  work  at  the  appropriate  level. 
This  argument  (and  its  longitudinal  supporting,  empirical  data)  is  supported  by  the  many 
findings  of  activation  or  arousal  theory  of  behavioral  psychology  (as  described  by 
Elizabeth  Duffy  and  others). 


There  are  different  ways  of  knowing  the  world  depending  upon  the  level  of  abstraction 
of  the  particular  person  engaged  in  constructing  his  particular  picture  of  reality.  (Elliott 
Jaques,  R.  O.  Gibson,  and  D.  J.  Isaac,  Levels  of  Abstraction  in  Logic  and  Human  Action:  A  Theory 
of  Discontinuity  in  the  Mathematical  Logic,  Psychological  Behaviour  and  Social  Organization, 
Heinemann,  London,  1978,  p.  31.) 

.  two  people  perceive  the  same  problem  or  activity  will  be  different  according 
to  the  differences  in  their  level  of  abstraction.  (Ibid.,  p.  278.) 

Different  pictures  of  the  world,  based  on  different  levels  of  abstraction,  lead  to  different 
accumulations  of  experience,  of  different  patterning  and  ordering  of  detail,  and  different 
final  outcomes.  (Ibid.,  p.  298.) 

Forced  under-employment  through  lack  of  availability  of  adequate  levels  of  work  in  the 
bureaucratic  sector  of  industrial  societies  has  effects  akin  to  imprisonment.  (Ibid.,  p.  300.) 


Lightweight  Directory  Access  Protocol  (LDAP) 

Widely  used  protocol  for  accessing  and  searching  user  information  contained  on 
disparate  directories  on  a  variety  of  incompatible  systems  (Glossary  of  IM/IT  &  KM  Terms). 

I  don't  know  the  key  to  success,  but  the  key  to  failure  is  trying  to  please  everybody.  (Bill 
Cosby,  quoted  by  Robert  Byrne  in  The  637  Best  Things  Anybody  Ever  Said,  Atheneum,  NY, 
1982,  #322.) 

Likert  Scale— see  Comparative  and  Ordinal  Scales 

A  scale  used  in  questionnaires  in  which  respondents  indicate  the  extent  of  their 
agreement  or  disagreement  with  statements  of  moderate  attitudinal  intensity  (see  table 
below)  (IRMC  Measuring  Results  of  Organizational  Performance  Course). 


Some  Likert  Scales 

                         Scale  Type 
Value     Satisfaction                    Agree/Disagree 
5         Very satisfied                  Strongly agree 
4         Satisfied                       Agree 
3         Neutral                         Neutral 
2         Dissatisfied                    Disagree 
1         Very dissatisfied               Strongly disagree 
0         Don't know/not applicable 

Measurement  is  the  process  of  ordering  the  psychological  experience  of  magnitude  to 
an  external  and  readily  observable  scale.  It  is  a  relationship  between  inner  sensations  that 
are  not  directly  shareable  and  an  outer  yardstick  which  we  can  all  observe  in  common. 
(Elliott  Jaques,  Creativity  and  Work,  International  Universities  Press,  Inc.,  Madison,  CT,  1990, 
p.  248.) 

Local  Area  Network  (LAN) 

A  server  or  set  of  servers,  the  group  of  computers  and  associated  devices  that  they 
service,  and  the  connectivity  (common  communications  line)  amongst  them.  A  LAN 
typically  resides  within  a  small  geographic  area  (e.g.,  an  office  building).  Usually,  the 
server  has  applications  and  data  storage  that  are  shared  in  common  by  multiple  computer 
users,  as  few  as  two  or  three  users  (for  example,  in  a  home  network)  or  as  many  as 
thousands  of  users.  LANs  are  cost  efficient  because  they  share  resources  (such  as  printers) 
and  enable  collaboration  (shared  files  on  the  server  can  be  accessed,  read,  modified  by 
multiple  users  on  the  LAN).  They  also  provide  better  response  and  transmission  times 
than  dial-up  modems  and  provide  increased  security,  since  LANs  usually  include 
firewalls  and  intrusion  devices. 

A  poet's  hope:  to  be 
Like  some  valley  cheese. 
Local,  but  prized  everywhere. 

(W.  H.  Auden,  1907-1973,  Collected  Poems,  XII  1958-1971,  "Shorts  II,"  from  The  Oxford 
Dictionary  of  Quotations,  Oxford  University  Press,  New  York,  1980,  p.  20,  No.  14.) 

Local  Multipoint  Distribution  Service  (LMDS) 

A  wireless  protocol  originally  designed  for  wireless  cable  TV.  It  is  limited  to  line  of 
sight  (LOS)  transmission;  has  a  9-mile  range;  operates  at  28-31  GHz;  and  has  an  875  Mbps 
data  rate.  While  LMDS  has  a  huge  data  rate,  it  is  very  limited  due  to  its  LOS  restriction— 
any  obstruction  between  the  antennas  will  obstruct  the  service.  See  multipoint 
multichannel  distribution  service  (IRMC  Managing  Networked  Security  in  a  Networked 
Environment  Course). 

Television:  a  medium.  So  called  because  it  is  neither  rare  nor  well  done.  (Ernie  Kovacs, 
Leo  Rosten's  Carnival  of  Wit,  E.  P.  Dutton  &  Co.,  New  York,  1994,  p.  480.) 


Local  Registration  Authority  (LRA)—cf.  Certification  Authority  and  Registration 
Authority 

Widespread  enterprises  utilizing  public  key  infrastructure  create  or  contract  for  a 
registration  authority.  The  RA  can  delegate  authority  for  local  operations  and  functions  to 
a  local  RA.  RAs  create  digital  certificates. 


In  work,  the  essence  of  the  activity  is  the  exercise  of  discretion.  Indeed,  as  I  have  had  the 
opportunity  to  learn  in  connection  with  work  measurement,  the  psychological  experience  of 
effort  in  work  lies  solely  in  the  exercise  of  discretion.  This  feature  is  the  same  whatever  the 
type  of  work  at  issue;  that  is  to  say,  whether  we  deal  with  so-called  creative  work,  or 
research  work,  or  administrative  work,  or  manual  work,  or  the  work  of  teaching.  The  crucial 
factor  has  to  do  with  the  exercise  of  discretion.  (Elliott  Jaques,  Creativity  and  Work, 
International  Universities  Press,  Inc.,  Madison,  CT,  1990,  p.  155.) 


Log  Files 

Web  servers  record  log  files  that  identify  the  name  and  Internet  protocol  address  of 
computer,  time  of  request,  uniform  resource  locator  (URL)  requested,  file  download 
times,  user  name,  errors  occurring,  refer  link  (previous  Web  page),  and  kind  of  browser 
used.  The  local  area  network  administrator  generally  controls  the  Web  server  and,  thus, 
the  log  files.  Log  files  can  be  used  against  you  in  a  court  of  law!  Audit  log  should  be 

intrusion  detected.  These  files  should  be  recorded  on  a  write-once 
CD  (CD-R),  because  neither  a  hacker  nor  the  agency  can  erase  them  (IRMC  Developing 
Enterprise  Security  Strategies,  Guidelines,  and  Policies  Course). 


Once  a  word  has  been  allowed  to  escape,  it  cannot  be  recalled.  (Horace,  xviii,  71,  from 
Familiar  Quotations  by  John  Bartlett,  Little,  Brown  &  Co.,  Boston,  1968,  p.  123.) 

Logical  Data  Model 

£ .  of  represents  the  inherent  structure  of  that  data  and  is  independent 

of  individual  applications  of  the  data  and  also  of  the  software  or  hardware  mechanisms 
that  are  employed  in  representing  and  using  the  data  (DoD  8320.1-M,  Data  Administration 
Procedures)  (IRMC  Data  Management  Strategies  and  Technologies  Course). 

After  months  of  negotiation  with  the  authorities,  a  Talmudist  from  Odessa  was  granted 
permission  to  visit  Moscow.  He  boarded  the  train  and  found  an  empty  seat.  At  the  next  stop 
a  young  man  got  on  and  sat  next  to  him.  The  scholar  looked  at  the  young  man  and  thought: 

This  fellow  doesn't  look  like  a  peasant,  and  if  he  isn't  a  peasant  he  probably  comes  from  this 
district.  If  he  comes  from  this  district,  then  he  must  be  Jewish  because  this  is,  after  all,  a 
Jewish  district.  On  the  other  hand,  if  he  is  a  Jew,  where  could  he  be  going?  I'm  the  only  Jew 
in  our  district  who  has  permission  to  travel  to  Moscow.  Ahh?  But  just  outside  Moscow  there 
is  a  little  village  called  Samvet,  and  Jews  don't  need  special  permission  to  go  there.  But  why 
would  he  be  going  to  Samvet?  He's  probably  going  to  visit  one  of  the  Jewish  families  there, 
but  how  many  Jewish  families  are  there  in  Samvet?  Only  two:  the  Bernsteins  and  the 
Steinbergs.  The  Bernsteins  are  a  terrible  family,  and  a  nice  looking  fellow  like  him  must  be 
visiting  the  Steinbergs.  But  why  is  he  going?  The  Steinbergs  have  only  daughters,  so  maybe 
he's  their  son-in-law.  But  if  he  is,  then  which  daughter  did  he  marry?  They  say  that  Sarah 
married  a  nice  lawyer  from  Budapest,  and  Esther  married  a  businessman  from  Zhitomer,  so 
it  must  be  Sarah's  husband.  Which  means  that  his  name  is  Alexander  Cohen,  if  I'm  not 
mistaken.  But  if  he  comes  from  Budapest,  with  all  the  anti-Semitism  they  have  there,  he 
must  have  changed  his  name.  What's  the  Hungarian  equivalent  of  Cohen?  Kovacs.  But  if 
they  allowed  him  to  change  his  name,  he  must  have  some  special  status.  What  could  it  be? 
A  doctorate  from  the  University.  At  this  point  the  scholar  turns  to  the  young  man  and  says, 
"How  do  you  do,  Dr.  Kovacs?"  "Very  well,  thank  you,  sir,"  answered  the  startled  passenger. 
"But  how  is  it  that  you  know  my  name?"  "Oh,"  replied  the  Talmudist,  "it  was  obvious." 

(Received  as  Internet  e-mail — an  illustrative  story.) 

Logic  Bombs 

Programs  added  to  existing  applications  that  execute  under  prespecified  conditions 
(usually  a  date)  to  trigger  execution  of  a  destructive  payload.  They  are  not  self-replicating. 
Sometimes  they  can  be  activated  through  sharing  infected  software.  Configuration  control 
mechanisms  and  peer  reviews  of  newly  delivered  code  lower  the  risk  of  logic  bombs. 

You  are  a  barnacle  on  the  ship  of  progress.  (Robertson  Davies,  "The  Ugly  Spectre  of 
Sexism,"  High  Spirits,  Viking  Press,  New  York,  1982,  p.  106.) 


Logon 

The  process  of  establishing  authentication  and  identification  between  a  user  and  an 
automated  system  (computer,  Web  site,  local  area  network).  Various  means  (with  varying 
strengths)  are  used  to  do  so.  These  range  from  the  weakest  (no  identification)  through 
personal  identification  numbers,  passwords  or  secret  phrases,  smart  cards,  to  biometrics. 
According  to  William  Murray  (from  Charles  Breed,  PKI:  The  Myth,  the  Magic  and  the 
Reality,  h ftp:  /  /networking.earthweb.com /netsecur /article / 0„12084  6.15851 ,00.html  (see 
part  4)  used  in  IRMC  Managing  Networked  Security  in  a  Networked  Environment 
Course),  "millions  of  computer  users  are  spending  tens-of-minutes  per  day  logging  on 
and  logging  off  [so  that]  even  small  improvements  in  the  efficiency  of  logon  are  valuable. 
In  a  world  in  which  the  biggest  single  chore  of  administrators  is  remedying  lost  and 
forgotten  passwords,  these  [PKI]  advantages  are  significant." 

It  is  useful  to  place  an  account  history  banner  on  the  screen  during  logon  (this  puts  the 
last  time  a  user  logged  on  onto  the  screen  so  that  the  user  can  check  to  see  if  there  is  an 
anomaly)  (IRMC  Developing  Enterprise  Security  Strategies,  Guidelines,  and  Policies 
Course). 


One  machine  can  do  the  work  of  fifty  ordinary  men.  No  machine  can  do  the  work  of 
one  extraordinary  man.  (Elbert  Hubbard,  in  3,500  Good  Quotes  for  Speakers,  Gerald  F. 
Lieberman,  Ed.,  Doubleday,  Garden  City,  NY,  1983,  p.  212.) 

Mail  Bombs— see  Denial  of  Service 

Mail  bombs  are  attacks  intended  to  disrupt  or  deny  service  by  an  information  system 
(usually  through  the  Web).  They  are  sent  via  e-mail.  For  instance,  the  attacker  could  use  a 
mail  bomb  that  floods  the  server,  send  35  Mb  attachments  to  e-mails  to  crash  the  server,  or 
attach  nested  attachments  to  e-mail  messages  to  crash  the  server  (IRMC  Managing 
Networked  Security  in  a  Networked  Environment  Course). 

People  are  unaware  of  many  of  the  basic  reasons  why  they  behave  in  the  way  they  do, 
and  to  discover  these  reasons  is  difficult  and  time-consuming,  and  calls  for  special 
procedures.  (Elliott  Jaques,  The  Changing  Culture  of  a  Factory,  Dryden  Press,  New  York,  1952, 
p.  251.) 

Mainframe  Computer 

Computers  were  originally  large  devices  employing  vacuum  tube  technology  and 
relays  for  memory.  RADM  Grace  Hopper,  USN,  one  of  the  people  who  worked  on 
ENIAC,  the  first  government  computer,  gave  lectures  on  what  it  was  like  working  on  it. 
She  explained  that  the  first  computer  bug  was  an  actual  insect  that  fouled  up  the 
computer  by  entering  into  its  innards.  The  operators  taped  it  into  their  logbook.  RADM 
Hopper  also  handed  out  "nanoseconds,"  lengths  of  wire  about  a  foot  long  or  so— the 
distance  light  travels  in  one  nanosecond  (1  billionth  of  a  second). 

In  the  1970s  mainframe  computers  were  large  and  expensive,  owned  by  large 
enterprises.  They  were  used  in  a  batch  mode  rather  than  interactively.  Users  submitted 
their  programs  (usually  in  boxes  of  punched  cards)  to  the  computer  department  that  ran 
the  jobs  consecutively.  Such  jobs  could  be  in  computer  assembly  language  (not  far 
removed  from  octal  equivalents  of  computer  language  or  binary),  emerging  high-level 
languages  (HLLs),  or  high-order  languages  (HOLs)  such  as  FORTRAN  or  ALGOL. 
Programs  were  assembled  (by  an  assembler  program  if  written  in  assembly  code)  or 
compiled  (by  a  compiler  program  if  written  in  a  high-level  language).  Initially,  compilers 
needed  two  passes;  first  converting  the  HLL  into  assembly  language  and  then  into 
computer  language.  Later  compilers  compiled  directly  into  binary.  Improvements  in 
technology  and  software  resulted  in  the  advent  of  minicomputers  that  were  far  more 
affordable  and  could  be  decentralized  (not  all  located  in  a  central  computer  department). 
BASIC  was  developed  as  an  intermediate  HOL,  easier  to  learn  and  use,  but  not  as 
powerful.  Computers  were  adapted  to  perform  multiprocessing  such  that  several 
programs  could  execute  at  the  same  time. 

Microcomputers  further  shrank  the  size  and  cost  of  computers.  Initially,  they  were 
dedicated  to  word  processing  functions  (a  program  management  office  might  have  had  a 
single  word  processor  for  the  office).  Continued  improvements  in  technology  and 
software  resulted  in  the  personal  computer  and  permitted  them  to  be  distributed 
throughout  the  enterprise.  Initially,  they  used  the  disk  operating  system.  However,  many 
users  utilized  dumb  terminals  (now  called  thin  clients)  that  had  little  innate  computing 
power.  Their  computing  power  and  main  memory  resided  in  a  mainframe  computer  to 
which  the  terminals  were  attached. 

As  these  terminals  evolved  into  PCs  with  great  computing  power  and  large  memories, 
Microsoft  Windows  introduced  multiprocessing  and  display  to  individual  users.  Servers, 
specialized  computing  devices,  were  linked  up  with  user  computers,  printers,  graphics 
terminals,  et  al.,  to  create  local  area  networks  (LANs).  This  arrangement  can  be  analogous 
to  the  prior  mainframe  or  dumb  terminal  architecture,  if  the  PCs  are  all  attached  to  the 
server.  Ethernet  and  other  developments  resulted  in  more  of  a  circular  arrangement  of 

individual  units  can  be  modularly  attached  and  unattached  to 

the  LAN  at  will. 

However,  during  the  age  of  the  incredible  shrinking  computer,  mainframes  did  not 
disappear.  Rather,  they  also  improved  dramatically  resulting  in  the  supercomputer  (e.g., 
Cray).  But  PCs  have  now  been  ganged  to  virtually  create  supercomputers  via  their 
increased  system  computing  power.  On  the  other  hand,  the  National  Science  Foundation 
responded  by  ganging  together  a  large  number  of  supercomputers  forming  a  virtual 
superdupercomputer  over  the  Web.  Thus,  the  mainframe  computer  has  also  evolved 
during  the  computer  or  information  age. 

Worthless.  (Sir  George  Biddell  Airy,  K.C.B.,  M.A.,  LL.D.,  D.C.L.,  F.R.S.,  F.R.A.S., 
Astronomer  Royal  of  Great  Britain,  estimating  for  the  Chancellor  of  the  Exchequer  the 
potential  value  of  the  "analytical  engine"  invented  by  Charles  Babbage,  September  15,  1842; 
this  resulted  in  the  British  government  discontinuing  its  funding  for  Babbage.  Today, 
however,  Babbage  is  hailed  as  the  inventor  of  the  computer.  (Christopher  Cerf  and  Victor 
Navasky  in  The  Experts  Speak,  Villard,  NY,  1984,  p.  230.) 

Malware 

Malware  is  malicious  code.  It  can  take  the  form  of  Trojan  horses,  time  bombs,  viruses, 
and  worms.  Certain  techniques  (such  as  tunneling  and  P2P)  risk  contamination  by 
malware.  Anti-virus  programs  only  catch  known  viruses.  They  are  no  protection  against 
other  types  of  malware.  VPNs  and  encryption  schemas  protect  against  the  introduction  of 
malware  during  transmission,  but  may  increase  vulnerability  if  not  used  properly  by 

™  instance,  a  firewall  may  be  rendered  useless  if  using  a 

The  recipient  relies  instead  upon  the  trust  relationship  with  the  sender.  Malware  is 
threat  to  software  intensive  systems,  however,  as  the  table  below  shows 
(IRMC  Advanced  Software  Acquisition  Management  Course). 


Specific Threats to Software-Intensive Systems

Source                 Embedded   Standalone   Networked
Hackers (intrusion)    Low        Medium       Medium
Reverse engineering    Low        Low          Medium

May 2, 1997.

Only those live who do good. (Count Leo Tolstoy, quoted by Jacob Braude in New
Treasury of Stories for Every Speaking and Writing Occasion, Prentice Hall, Inc., Englewood
Cliffs, NJ, June 1961, p. 216.)

Man-in-the-Middle  Attacks— see  Digital  Certificate,  Knowledge  Management 
Infrastructure,  and  Public  Key  Infrastructure  (PKI) 

These  are  threats  to  PKI  in  which  the  attacker  spoofs  a  target's  digital  certificate 
(public  key).  Messages  sent  via  this  bogus  public  key  (intended  for  the  target  recipient) 
can  only  be  decrypted  by  the  attacker. 

People are remarkably resourceful in finding new ways to drop the ball. (Michael
Hammer and James Champy, Reengineering the Corporation, Harper Business, New York,
1993, p. 213.)

Maturation 

A  threat  to  acceptance  of  evaluation  results  which  states  that  the  performance  would 
have  improved— even  if  they  didn't  experience  the  intervention— just  because  of  the 
additional  experience  they  would  have  gained  with  the  passage  of  time  (IRMC  Measuring 
Results  of  Organizational  Performance  Course). 

There are people who, psychologically, might be living in the year 5000 B.C., i.e., who
can still successfully solve their conflicts as people did 7,000 years ago. There are countless
troglodytes and barbarians living in Europe and in all civilized countries, as well as a large
number of medieval Christians. On the other hand, there are relatively few who have
reached the level of consciousness which is possible in our time. We must also reckon with
the fact that a few of our generation belong to the third or fourth millennium A.D. and are
consequently anachronistic. (C. G. Jung, Psychology and Religion: West and East, CW11,
Pantheon Books, New York, 1958, p. 308.)


Mavens 

Mavens,  according  to  Malcolm  Gladwell,  are  individuals  within  a  social  network  who 
possess  detailed  knowledge  in  a  particular  domain  so  that  they  can  influence  other 
people.  In  classical  management,  they  would  be  said  to  possess  expertise  power. 

Authority  is  a  formal  right  to  exercise  power  (as  shown,  for  instance,  in  an  organizational 
chart  or  "wiring  diagram"),  but  power  is  the  actual  ability  to  accomplish  something.  The 
two  do  not  necessarily  correlate  well;  though  classical  management  says  that  they  should. 
Mavens  are  extraordinarily  valuable  in  knowledge  networks,  communities  of  practice, 
and information networks. IT mavens are frequently consulted, for instance, by
co-workers with questions on computers, software applications, and related matters. Such
people  tend  to  have  considerable  informal  prestige.  Personnel  specialists  refer  to  mavens 
as  subject  matter  experts  (SMEs),  but  mavens  tend  to  be  at  the  high  end  of  the  SME 
distribution;  the  best  SMEs  would  be  the  mavens  (cf.  connectors  and  salesmen).  Of  course, 
mavens  exist  outside  of  work  organizations  also.  If  you  have  a  question  in  a  certain  area 
of  knowledge,  and  you  know  just  who  to  ask  about  it  to  get  a  direct  answer  (what 
computer  to  buy,  where  to  find  a  particular  item,  etc.),  that  person  is  probably  a  maven.  If, 
however,  the  person  you  ask  primarily  serves  to  refer  you  to  someone  else  (but  knows 
who to ask or seek), the person is probably a connector.

We might define education as the process of gradually changing the emphasis of the
underlying instincts from the egocentric to the altruistic. (Stewart Edward White, With
Folded Wings, E. P. Dutton, New York, 1947, p. 5, p. 11.)

Meme 

The smallest form of learning instructional information. It could be a tip, a one-phrase
insight, or a paragraph containing the unique perspective that gives the learner an 'ahaaa'
feeling of illumination on a life experience ("The Human Capital Reserve Board: A
Parable" by Thomas P. Hill, in Leader Learning, Fall 2001,
http://www.linezine.com/6.2/articles/thhri-bap html).

Brevity is the soul of wit. (Shakespeare, in 3,500 Good Quotes for Speakers, Gerald F.
Lieberman, Ed., Doubleday, Garden City, NY, 1983, p. 273.)

Mentoring 

The  process  whereby  a  person  (often  in  the  generative  stage  of  life)  assists  a  less 
experienced  person  to  learn  and  develop  competence  and  capability  within  a  domain. 
Generally, the mentor is two levels above the mentee's organizational grade or level.
Success depends as much upon personal rapport as upon technical or functional
experience; mentees and mentors must be self-selected. This process differs significantly
from on-the-job training programs or apprenticeship relationships, where new recruits
are assigned a more experienced employee to help the recruit adapt to the new business
environment. Mentoring and coaching relationships can help to maintain the balance of
knowledge transfer modes within an organization, such that learning is not solely
expected to happen through explicit training courses, manuals, etc. Mentoring is a
primary means for tacit knowledge transfer. Communities are fertile fields for such
relationships.

mankind than the slanderer's speech.
(William Wycherley, quoted by Jacob Braude in New Treasury of Stories for Every Speaking
and Writing Occasion, Prentice Hall Inc., Englewood Cliffs, NJ, June 1961, p. 363.)

You learn by association, without knowing what you are looking at." In such an
apprenticeship, much explicit knowledge is conveyed from expert to novice, but tacit
knowledge grows through shared observation and from mimicking behavior, even without
knowing why... The newer such technologies are to the world, the more important
apprentices are to the innovation process. The faster the innovation cycle, the less likely that
knowledge will be captured explicitly. (Dorothy Leonard and Sylvia Sensiper, "The Role of
1000 California Management Review, Berkeley, CA, Spring
1998, Vol. 40, Issue 3, pp. 112-132.)

Metadata — cf.  Data  Repository  and  Metadata  Repository 

Data (or information) about data. Metadata is an overarching term including several
variants:

1) Types of data. In a data repository, for instance, the names, designators, or
categories  of  data  (e.g.,  headers  in  a  relational  database)  are  metadata. 

2)  Characteristics  of  data.  The  specific  nature  of  the  entries  in  the  database  is  part  of 
the  metadata.  For  example,  whether  temperature  is  provided  as  Fahrenheit,  centigrade,  or 
Kelvin in the database or repository. Data accuracy is also part of the metadata— is the
measure  an  integer?  If  not,  how  many  decimal  places  are  included? 

3)  Location  of  data.  Descriptive  information  about  an  organization's  data  holders  and 
cognizant  personnel  are  also  considered  to  be  metadata.  (CIO  Council  Interoperability 
Committee,  "What  Every  CIO  Needs  to  Know  About  Metadata,"  February  25, 1999) 
(IRMC  Data  Management  Strategies  and  Technologies  Course). 

I never metadata I didn't like. (Neal Pollock, April 12, 2000, at a DMI IPT meeting.)

Metadata  Repository— cf.  Data  Repository 

A  specialized  database  that  stores  metadata  and  makes  it  available  for  systems 
developers  and  end-users  across  an  enterprise.  A  metadata  repository  provides  visibility 
into  the  data  assets  of  the  organization  to  promote  reuse,  integration,  and  a  shared 
baseline.  The  Navy's  new  Data  Management  and  Interoperability  Repository  (DMIR)  is 
actually  a  metadata  repository.  A  metadata  repository  is  a  powerful  tool  to  enable  data 
management.  A  metadata  repository  can  assist  a  government  agency  not  only  in 
managing  its  data  and  metadata,  but  also  in  achieving  and  confirming  its  compliance  with 
the  Clinger-Cohen  Act  and,  thus,  issuing  8121  (2000)  or  8102  (2001)  certifications. 

It  is  what  we  think  we  know  already  that  often  prevents  us  from  learning.  (Claude 
Bernard,  Leo  Rosten's  Carnival  of  Wit,  E.  P.  Dutton  &  Co.,  New  York,  1994,  p.  264.) 


Metaknowledge 

A  concept  (though  not  the  terminology)  used  in  one  of  the  cells  of  the  Johari  Window 
that  depicts  what  you  know  that  you  know.  The  other  three  cells  or  panes  are:  what  you 
know  that  you  don't  know,  what  you  don't  know  that  you  know,  and  what  you  don't 
know  that  you  don't  know. 

Meta-knowledge is "knowing what you know" — the "knower knowing the knower."
Self-knowledge is at the heart of culturing that level of intimate awareness with processes
("the way I do things around here") that underlies self-referential functioning. There is
accumulating evidence that meta-knowledge is at the core of learning and that it is
ultimately responsible for the level of meaning that an individual knower ascribes to a
particular object of knowledge. The inability to "know what it knows" is a characteristic of
an information-processing structure (whether a human individual, organization, or machine
computer) that is sequential in nature and based on localized, separated memory stores.

Thus,  when  confronted  with  an  item  of  information,  the  traditional  computer  has  no 
conceptual  way  of  determining  whether  the  information  is  known  (i.e.,  already  stored  in 
memory)  or  unknown  (i.e.,  not  stored  in  memory),  in  which  case  it  must  be  learned.  For 
example,  if  presented  with  two  customer  transaction  records-one  of  which  is  already  in  a 
database,  the  other  which  is  not-the  traditional  computer  architecture  will  perform  the  same 
exhaustive  search  in  both  instances  before  making  either  a  positive  or  negative 
identification.  Similarly,  one  of  the  most  prevalent  problems  faced  by  the  typical  large 
organization  when  confronted  with  changing  environmental  parameters  is  deciding 
whether  or  not  the  incoming  information  represents  something  genuinely  new  that  calls  for 
a strategic redirection. Sometimes, the appropriate identification is not made until it is too
late to act. Meta-knowledge involves the ability to appreciate the degree to which the
meaning of information is context-dependent and requires reasoning by analogy (i.e.,
pattern recognition). This ability is how a knower adapts and responds; it is the essence of
learning. (Rashi Glazer, "Measuring the Knower: Towards a Theory of Knowledge Equity,"
California Management Review, Berkeley, CA, Spring 1998, Vol. 40, Issue 3, pp. 175-194.)

Metrics — cf.  Information 

Metrics  are  measurements  generally  used  as  measures  of  success  of  a  project  or 
operation. There are three major types of metrics used in IT: system, output, and outcome.
System metrics measure how well the IT support system is functioning but not the
application  or  content  being  processed.  Output  metrics  measure  the  internal  (closed 
system)  performance  of  the  system  being  measured— including  processes  and  use  of 
content  (inputs).  They  may  be  of  interest  in  optimizing  the  efficiencies  of  the  system.  They 
are  of  more  interest  to  design  engineers  versus  systems  engineers.  They  often  measure  the 
performance  of  subsystems  and  components  of  systems.  Outcome  metrics  measure  the 
system  as  a  whole  (open  systems  view)  within  an  external  environment.  Thus,  they  are  of 
interest  to  systems  engineers  evaluating  the  effectiveness  of  the  system  as  a  whole  and 
especially  to  users  of  the  system  and  other  external  stakeholders.  The  Information 
Resources  Management  College  (IRMC)  requires  students  in  its  Chief  Information  Officer 
certificate program to successfully complete its course entitled (Measuring Results of
Organizational  Performance  Course).  This  course  extensively  explores  IT  metrics. 
Management  of  any  enterprise  or  project  requires  appropriate  and  adequate  feedback  so 
that  decisions  and  adjustments  can  be  made.  While  anecdotal  data  and  stories  can  be 
quite  helpful  in  qualitatively  evaluating  and  expressing  the  status  of  a  project,  they  are 
not  an  adequate  replacement  for  good  metrics. 

Metrics generally are numerical and statistical and must be valid (not just reliable). In
addition, decision makers must have some way to translate the metrics into meaningful
form. In other words, metrics are data evolved into information. Means must be
preestablished to understand the metric information— to translate it into knowledge.

There are several approaches to this. Most of them are relativistic in nature — comparing
the measured results against some preselected standard. For instance, an industry
standard (benchmark) can be selected for comparison. Alternately, when modifying an
existing process, the initial process is measured with the metric to establish a baseline.
After the new or modified process is established, it is measured with the same metric
(under the same or reasonably similar circumstances) for comparison against the baseline.
This way progress can be charted over time. There are also absolute methods such as
thresholds, which are useful when there is a strong reason to achieve a specific
measurable goal.

Metrics are necessary because: "If you cannot measure it, you cannot control it. And, if
you cannot control it, you cannot manage it." If you cannot demonstrate that you are
meeting customer (stakeholder) expectations, you will not be able to make a case for
resources. Robert S. Kaplan and David P. Norton's "Balanced Scorecard" (The Balanced
Scorecard: Translating Strategy into Action, Harvard Business School Press, Boston, 1996) is
a relatively new approach to metrics that includes the application of an organization's
vision and strategy in the customer, financial, internal business process, and learning and
growth arenas (IRMC New World of the CIO Course). The term "metrics" is often used
interchangeably with "measurement" but is sometimes used to mean a composite of two
or more independent measures, typically in the form of a ratio or index number (A.
Laurent, "Extreme Measures: Agencies are Struggling to Avoid Dysfunctional
Measurement as They Try to Prove Programs are Achieving Real-World Results,"
Government Executive, 1999, February, pp. 45-48, http://www.govexec.com/gpp/0299mr.htm)
(IRMC Measuring Results of Organizational Performance Course). "What gets measured
gets done." Criteria for measurement: accurate (valid, reliable), relevant (important,
credible), and practical (economic, timely, simple, tamper proof). Objective measures (e.g.,
cost-benefit analyses, baseline studies) are used when standards are available; subjective
measures (e.g., surveys, case studies, interviews) are used when process is not well
understood. Hierarchy of measures should be linked to mission and outcomes, should be
a vital few, linked to responsibilities, and balance multiple perspectives; should be used to
make decisions and create processes (IRMC Advanced Software Acquisition Management
Course).

From  Gary  Hacker's  HR  Metrics  News  consolidated  from  Issues  1-5  (OPM): 

The Dark Side of Metrics by Gerry Crispin http://www.staffing.org /views/.
points /febOl.html 3/02. "It was many years ago while participating on process
improvement task force that I first observed the dark side of metrics."

Let the Number Help You: Meaningful Metrics for Today by Kevin Wheeler:
http://www.glresources.com/columns/letthenumbershelpyou.htm AlILSI. "Recruiters,
like so many others on the support side of business, generally don't have good statistics
about what they do, nor do they have a plan to communicate to management just what
they have contributed. It doesn't have to be that way."

Training Measurement 2002 Conference: (Presented by IQPC)
http://www.iqpc.com / cgi-bin/ templates/1014993315287078.85742100002./.
genevent.html?event-2301&topic= 3/02, 4/02 (May 15-16, 2002; Chicago, IL, $1599).
"Hear case studies and crucial industry information from leading organizations who are
improving their training effectiveness with performance measurement tools, such as
training scorecard."

HR666: HR Metrics Live Cases: http://www.ilr.cornell.edu/ cahrs/EP Archives.htm
5/02 (Fall Semester 2002, Cornell University, Ithaca, NY). "Now is the time to consider
participating as a live case study site for student teams in Professor Boudreau's 'HR
Metrics' class during the Fall 2002 semester. Live cases offer ILR students a tremendous
learning opportunity, and frequently pay significant dividends for participating
organizations like yours. They are a unique way for you to gain valuable visibility with
our students, and to contribute significantly to the learning process."

Reality neither consists of theories nor follows them. (C. G. Jung, Psychological Types,
CW6, Princeton University Press, Princeton, NJ, 1971, p. 493.)

All good depends on the right measure. (C. G. Jung, Letters, Vol. 2, Bollingen Series 95,
1906-1950, Gerhard Adler and Aniela Jaffe, Eds., Princeton University Press, Princeton, NJ,
1953, p. 506.)


Metropolitan  Area  Network  (MAN) 

A  system  of  links  or  a  ring  that  interconnects  a  relatively  high  concentration  of  local 
area  networks  together  within  a  small  regional  area.  The  demarcation  points  for  the  MAN 
are  the  service  delivery  nodes  at  the  campus,  base,  post,  or  station  router  or  switch  and 
the hub, router, and switch of the wide area network (WAN) (Glossary of IM/IT & KM
Terms).


No duty an Executive had to perform was so trying as to put the right man in the right
place. (Thomas Jefferson, 1743-1826, J. B. McMaster's History of the People of the United States,
Vol. ii, ch. 13, p. 586, from The Oxford Dictionary of Quotations, Oxford University Press, New
York, 1980, p. 272, No. 18.)

Micro  Purchases 

Government  purchases  for  less  than  $2,500.  The  preferred  method  of  purchase  is  by 
government  purchase  (credit)  card  (GPC).  The  purchases  are  not  competitive,  but  are 
amenable  to  electronic  commerce. 

I  prefer  a  small  success  to  a  larger  failure.  (LCDR  Don  Avery,  PMW143 
SPAWARSYSCOM,  February  3, 1988.) 

Middleware— see  Common  Object  Request  Broker  Architecture,  Glueware,  and 
PKEnable 

Software  programs  that  enable  two  or  more  other  software  programs  or  systems  to 
communicate  with  each  other.  Middleware  is  usually  constructed  or  tailored  to  connect 
preexisting programs together. Often these legacy systems were not originally designed
to  pass  information  between  them.  Middleware  is  essential  in  virtual  integration.  It  is 
particularly  valuable  in  adding,  connecting,  and  interfacing  contractor  off-the-shelf 
software  packages  (applications).  An  extensive  set  of  legacy  systems,  for  instance,  lacking 
any  standard  data  or  interfaces,  can  each  have  a  piece  of  middleware  designed  to 
interface  with  the  particular  application  and  with  a  central  or  standard  database  or 
application.  This  precludes  creating  a  huge  number  of  cross  interfaces  between  each  pair 
of  applications  in  the  entire  set,  while  creating  a  system  wherein  each  member  application 
can  communicate  with  each  other  member. 

The rule of the majority has a narrow application, i.e., one should yield to the majority
in the matter of detail. But it is slavery to be amenable to the majority no matter what its
decisions are. Democracy is not a state in which people act like sheep. Under democracy,
individual liberty of opinion and action is jealously guarded. I therefore believe that the
minority has a perfect right to act differently from the majority. (Mohandas K. Gandhi,
quoted by Jacob Braude in New Treasury of Stories for Every Speaking and Writing Occasion,
Prentice Hall, Inc., Englewood Cliffs, NJ, June 1961, p. 98.)

MIME, S/MIME (Multipurpose Internet Mail Extension, Secure/MIME)

A  common  method  for  transmitting  nontext  files  via  Internet  e-mail.  MIME  encodes 
the files using one of two encoding methods and decodes them back to their original format at
the receiving end. A MIME header is added to the file, which includes the type of data
contained and the encoding method used. S/MIME is a version of MIME that includes
the sender's digital credentials for secure transmission (Glossary of IM/IT & KM Terms).
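
The encode, header, and decode cycle described in this entry, shown as an added example that is not part of the encyclopedia or its sources. It uses Python's standard email package; the addresses, sample text and sample bytes are constructed, and the final check that decoded bytes agree with the type the MIME header declares is an added assumption about how a receiver might validate the header.

```python
import base64
import quopri
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample inputs (not taken from the source page).
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
SAMPLE_BLOB = PNG_MAGIC + bytes(range(256))      # stand-in for a nontext file
SAMPLE_NOTE = "Résumé attached; total = 100%\n"   # text with non-ASCII characters

# Leading bytes expected for a few declared types (small illustrative table).
MAGIC_BY_TYPE = {
    "image/png": PNG_MAGIC,
    "application/pdf": b"%PDF-",
}


def build_message(note, blob, maintype="image", subtype="png"):
    """Sender side: encode a text note and a binary file into one MIME message."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"        # hypothetical addresses
    msg["To"] = "recipient@example.org"
    msg["Subject"] = "constructed MIME sample"
    # Mostly-text data: quoted-printable escapes only the bytes that need it.
    msg.set_content(note, cte="quoted-printable")
    # Arbitrary binary data: base64 maps every 3 bytes to 4 ASCII characters.
    msg.add_attachment(blob, maintype=maintype, subtype=subtype,
                       filename="sample.dat", cte="base64")
    return msg.as_bytes()


def decode_body(encoded, cte):
    """Receiver side: undo the transfer encoding named in the MIME header."""
    cte = cte.strip().lower()
    if cte == "base64":
        return base64.b64decode(encoded)
    if cte == "quoted-printable":
        return quopri.decodestring(encoded)
    if cte in ("7bit", "8bit", "binary"):
        return encoded                        # identity encodings
    raise ValueError("unsupported Content-Transfer-Encoding: " + cte)


def read_parts(raw):
    """Return declared type, declared encoding and decoded bytes of each leaf part."""
    msg = message_from_bytes(raw, policy=policy.default)
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue                          # containers carry no data themselves
        cte = str(part.get("Content-Transfer-Encoding", "7bit"))
        encoded = part.get_payload(decode=False).encode("ascii", "surrogateescape")
        parts.append({
            "type": part.get_content_type(),
            "encoding": cte,
            "data": decode_body(encoded, cte),
        })
    return parts


def declared_type_matches(part):
    """True/False if the decoded bytes agree with the declared type, None if unknown."""
    magic = MAGIC_BY_TYPE.get(part["type"])
    if magic is None:
        return None
    return part["data"].startswith(magic)


if __name__ == "__main__":
    wire = build_message(SAMPLE_NOTE, SAMPLE_BLOB)
    print(wire.decode("ascii"))               # headers plus encoded bodies
    for p in read_parts(wire):
        print(p["type"], p["encoding"], len(p["data"]), declared_type_matches(p))
```

The header only states what the sender claims the content is, so a receiver that acts on `Content-Type` without inspecting the decoded bytes is trusting the sender.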


Those who are absent, by its means become present; it is the consolation of life.
(Voltaire, "Post," Philosophical Dictionary, 1764, from The International Thesaurus of Quotations,
Rhoda Thomas Tripp, Harper & Row, New York, 1970, p. 349, entry 532, No. 4.)

Mirroring 

A  data  backup  technique  in  which  two  disks  are  used  vice  one.  Information  on  one 
disk  is  duplicated  onto  the  other  disk  (automatically).  This  can  cause  a  slight  loss  in 
writing  performance.  Disk  duplexing  is  a  variation  in  which  each  disk  has  its  own 
controller,  helping  to  increase  write  operations  and  provide  redundancy  in  case  a 
controller  fails.  Mirroring  retains  fast  read  operations;  has  rapid  failure  recovery;  and  the 
system  and  boot  partitions  can  be  mirrored.  However,  write  operations  are  somewhat 
slowed;  it  requires  twice  the  storage  capacity;  a  fault-tolerant  boot  disk  must  be  created 
from http://support.microsoft.com/default.aspx?scid=KB;EN-US;0114779.&) (IRMC
Developing  Enterprise  Security  Strategies,  Guidelines,  and  Policies  Course). 

Memory  does  not  mirror  the  past;  memory  re-creates  the  past.  (J.  W.  Ehrlich,  The  Lost 
Art  of  Cross-Examination,  G.  P.  Putnam,  New  York,  1970,  p.  43.) 

Mobile  Code 

Executable  software  that  is  transferred  between  parties  (usually  over  the  Internet  and 
between  suppliers  and  customers  or  between  clients  and  servers).  Java  and  ActiveX  are 
the  primary  types  (IRMC  Data  Management  Strategies  and  Technologies  Course). 


Comparison of Characteristics of Mobile Codes

Criteria    Java                   ActiveX
Language    Dependent              Independent
Platform    Independent            Dependent
Security    Secure                 Insecure
Openness    Open (ISO)             Proprietary
Speed       Slower (interpreted)   Faster (com.)
Size        Smaller                Larger

I don't write these stories, they write me. (Ray Bradbury, Quicker than the Eye, Avon
Books,  New  York,  1996,  p.  258.) 


Model 

A  representation  of  a  system,  conceptual  or  pictorial.  A  model  is  not  identical  to  the 
system,  but  is  an  analogy  for  that  system,  and  as  with  all  analogies,  is  not  perfect  or 
complete.  Models  provide  frameworks  (frames)  of  understanding  and  provide  bases  for 
human communications. Modeling has long been identified with simulations, which are
dynamic process models, whereas models, per se, are usually viewed as being static.
Thus, systems engineering could be viewed as incorporating a subdomain entitled
modeling and simulation (M&S). Someone defined "unreality" to be when someone
observes something, interprets the observation, remembers the interpretation (but not its
cause or frame), forgets that it is only an interpretation, and acts as if the interpretation
were the reality. In essence there is a risk that people immersed in a model can forget that
it is only a model and not reality. We may state, for instance, that we are an "ESTJ"
(Extroverted Sensing/Sensate Thinking Judging). In truth, there really is no such thing
because  the  Myers-Briggs  Type  Indicator  is  only  a  model  of  individual  preferences.  It  is 
not  reality.  There  is  no  set  of  stone  tablets  identifying  each  person's  personality  type.  A 
model  is  a  useful  tool  as  long  as  we  remember  that  it's  only  a  tool  and  has  its  limitations. 
Models  are  artificial  human  constructs  and,  as  such,  are  imperfect  and  incomplete. 

Defense  Modeling  and  Simulation  Office:  http://www.dmso.mil. 

A scientific theory is just a mathematical model we make to describe our observations:
It exists only in our minds. (Stephen Hawking, The Illustrated A Brief History of Time, Bantam
Books, New York, 1996, p. 179.)

Modem 

A device that implements modulation/demodulation. In order to send a signal over a
wire (whether copper or fiberoptic), the signal is modulated by the sender, sent to the
recipient, and demodulated by the receiver. The bandwidth (capacity) depends upon the
modulator, nature of the cable and any intervening devices, and the demodulator. It is a
chain, so that the weakest link determines the actual capacity of the chain of
communications. Presently, computers have built-in modems with 56 kbs (kilobits per
second) capacity or data rate. Thus, their maximum capacity in one second is 1,000 bits.
Since there are 8 bits per byte (ANSI character), this equals 1,000 ÷ 8 = 125 bytes/second
or 7,500 characters/minute (approximately 1,000 words/minute). While faster than a
typist, it is rather slow by computer standards. Special lines (ISDN/DSL) provide
increased capacity (e.g., 128 kbs) usually 2-4 times as large as the telephone modems.
Cables have a capacity of approximately 1.5 Mbps (one and a half million bps)— about 27
times as fast as the 56 kbs modems.


The  time  we  waste  in  yawning  never  can  be  regained.  (Stendhal,  Leo  Rosten's  Carnival  of 
Wit,  E.  P.  Dutton  &  Co.,  New  York,  1994,  p.  282.) 


MP3  (MPEG-1  (Motion  Picture  Expert  Group)  Audio  Layer-3) 

A  standard  technology  and  format  for  compressing  a  sound  sequence  into  a  very 
small  file  (about  1/12  the  size  of  the  original  file)  while  preserving  the  original  level  of 
sound quality when it is played. MP3 files (identified with the file name suffix of ".mp3")
are available for downloading from a number of Web sites (Glossary of IM/IT & KM
Terms).

Changing the world is good for those who want their names in books. But being happy,
that  is  for  those  who  write  their  names  in  the  lives  of  others,  and  hold  the  hearts  of  others  as 
the  treasure  most  dear.  (Orson  Scott  Card,  Children  of  the  Mind,  Tom  Doherty  Books,  New 
York,  1996,  p.  354.) 

Muds,  Moos  (Multi-User  Dungeon,  Multi-User  Dimension,  Multi-User  Dialogue) 

Interactive games played by several people on the Internet. Originally "Dungeons and
Dragons"-type games with demons, elves, and magicians, MUDS have been created for
science fiction themes, cartoon characters, and other types of games. MUDS have also
evolved into 3-D virtual reality sites. There are many variations and permutations of
MUDS. MOOs are object-oriented MUDS, and MUSES (multi-user shared
environments) are generally designed for elementary and secondary students. A mush
(multi-user shared hallucination) allows new rooms and situations to be created (Glossary
of IM/IT & KM Terms).

Every  now  and  then  go  away,  have  a  little  relaxation,  for  when  you  come  back  to  your 
work  judgment  will  be  surer,  since  to  remain  constantly  at  work  will  cause  you  to  lose  your 
power  of  judgment.  Go  some  distance  away,  because  then  the  work  appears  smaller  and 
more  of  it  can  be  taken  in  at  a  glance,  and  a  lack  of  harmony  or  proportion  is  more  readily 
seen.  (Leonardo  da  Vinci  (1452-1519),  quoted  by  Len  McGrath  of  PMS  415-31,  October 
1985.) 

MultiLevel  Security  (MLS) 

Methods  used  to  enable  the  use  of  differing  levels  of  security  (i.e.,  classified 
information)  on  the  same  computer  or  equipment  at  the  same  time  by  different  persons 
under varying circumstances. NSA has a Multilevel Information System Security
Initiative (MISSI) that has produced the Secure Network Server (SNS) Mail Guard (SMG)
that allows transfer of e-mail between networks of disparate security levels. See John
Mochulski's "Connecting Classified Environments to the Internet," (Crosstalk, 1997, Vol.
10, No. 5, May, pp. 9-13) (IRMC Advanced Software Acquisition Management Course).

Men occasionally stumble over the truth, but most of them pick themselves up and
hurry off as if nothing had happened. (Winston Churchill, Leo Rosten's Carnival of Wit, E. P.
Dutton & Co., New York, 1994, p. 486.)

Multiplexing 

Sending  multiple  signals  or  streams  of  information  on  a  carrier  at  the  same  time  in  the 
form  of  a  single,  complex  signal  and  then  recovering  the  separate  signals  at  the  receiving 
end. Analog signals are commonly multiplexed using frequency-division multiplexing
(FDM), in which the carrier bandwidth is divided into subchannels of different frequency
widths,  each  carrying  a  signal  at  the  same  time  in  parallel.  Digital  signals  are  commonly 
multiplexed  using  time-division  multiplexing  (TDM),  in  which  the  multiple  signals  are 
carried  over  the  same  channel  in  alternating  time  slots.  In  some  optical  fiber  networks, 
multiple  signals  are  carried  together  as  separate  wavelengths  of  light  in  a  multiplexed 
signal using dense wavelength division multiplexing (WDM) (Glossary of IM/IT & KM
Terms).

The right use of knowledge is fulfillment. (Ursula K. LeGuin, Four Ways to Forgiveness,
Harper Prism, New York, 1995, p. 117.)

Multipoint  Multichannel  Distribution  Service  (MMDS) 

MMDS  is  a  wireless  protocol  originally  used  for  wireless  cable  TV.  It  is  not  limited  to 
line  of  sight  (LOS);  has  a  range  of  36  miles;  operates  at  25/1/7  GHz;  has  a  50  Mbps  data 
rate;  is  used  to  connect  buildings  over  some  distance,  avoiding  the  LOS  issues  of  local 
multipoint  distribution  service  (IRMC  Managing  Networked  Security  in  a  Networked 
Environment  Course). 

The  scientific  theory  I  like  best  is  that  the  rings  of  Saturn  are  composed  entirely  of  lost 
airline baggage. (Mark Russell, Leo Rosten's Carnival of Wit, E. P. Dutton & Co., New York,
1994, p. 439.)

Napster

An  organization  and  its  software  application  that  allow  users  to  share  music  over  the 
Internet  without  purchasing  their  own  copies.  After  downloading  Napster,  a  user  can 
access  music  recorded  in  MP3  format  by:  typing  in  the  name  of  an  artist  or  song,  receiving 
a  list  of  what  songs  are  available,  and  downloading  the  music  from  another  user's  hard 
drive.  The  Napster  directory  lists  what  music  is  available,  which  depends  on  which 
Napster  participants  are  presently  on  line  and  what  music  resides  on  their  computers  at 
the  time.  Napster  uses  peer-to-peer  (P2P)  methods,  so  that  participants  can  access  each 
other's  computers.  There  are  considerable  security  risks  and  copyright  concerns  with  P2P. 
Napster  lost  a  court  case  when  it  was  sued  for  breach  of  copyright  (cf.  peer-to-peer). 

It's  easier  to  ask  forgiveness  than  it  is  to  get  permission.  (RADM  Grace  Hopper,  USN, 
presentation  at  the  Naval  Sea  Systems  Command,  Washington,  DC,  1987.) 

National Information Infrastructure (NII)—see Defense Information Infrastructure (DII)
and  National  Infrastructure 

Extension  of  the  DII  concept  to  the  entire  nation. 

Kenneth Alford, "DoD Software and the NII," Crosstalk, Vol. 7, No. 7, 7/94, pp. 12-4
(IRMC  Assuring  the  Information  Infrastructure  Course). 

The  National  Defense  Authorization  Act  for  Fiscal  Year  1997  (September  23, 1996,  P.  L. 
104-201, Subtitle F, § 1061, Policy on Protection of NII Against Strategic Attack) directs the
President to report on this to Congress including: emergency needs, NII functions during
an  emergency,  responsibilities  of  federal  departments  and  agencies  relating  to  attacks, 
technology  and  funding  shortfalls,  and  legal  and  regulatory  considerations.  Its  Section 
1062,  IS  Security  Program  (ISSP),  directs  the  Secretary  of  Defense  to  allocate  given 
percentages  of  DII  funding  (Fiscal  Year  1999, 2.5  percent;  Fiscal  Year  2000, 3.0  percent; 
Fiscal  Year  2001, 3.5  percent;  Fiscal  Year  2002, 4.0  percent)  to  the  ISSP  in  addition  to 
National  Security  Agency  and  Defense  Advanced  Research  Project  Agency  funds  (IRMC 
Assuring  the  Information  Infrastructure  Course). 

http://www.nist.gov/hearings/1999/l'ir2086.htm
http://www.nist.gov/hearings/1999/kinftech.htm
http://www.atp.nist.gov/atp/97wp-lt.htm
http://physics.nist.gov/TechAct/Div840/ecsed.html
http://www.law.suffolk.edu/arodau/articles/arch.htm
http://www.law.suffolk.edu/academic/hightech/ht brochure.html
http://www.law.suffolk.edu/academic/hightech/students/maieraccess.html.

While  formal  definitions  of  "information"  and  "knowledge"  remain  messy,  many 
observers  make  the  distinction  that  information  is  data  that  has  been  given  structure  and 
knowledge is information that has been given meaning. (Rashi Glazer, "Measuring the
Knower: Towards a Theory of Knowledge Equity," California Management Review, Berkeley,
CA, Spring 1998, Vol. 40, Issue 3, pp. 175-194.)

National Information Infrastructure Protection Act (NIIPA) of 1996

Legislative  analysis  by  the  computer  crime  and  intellectual  property  section  of  the 
Department of Justice (P.L. 104-294, October 11, 1996) which addresses the confidentiality,
integrity, and availability of data and systems and revises the Computer Fraud and Abuse
Act. http://www.epic.org/security/1996 computer law.html (IRMC Assuring the
Information Infrastructure Course).

http://www-swiss.ai.mit.edu/6805/legislation/18usc1030/s982-stmt-leahy.html
http://www-swiss.ai.mit.edu/6805/legislation/18usc1030/s982-stmt-kyl.html
http://www.usdoj.gov/criminal/cybercrime/compcrime.html.

Dangers by being despised grow great. (Edmund Burke, 1727-97, Letter to a Member of
the National Assembly, 1791, from The Oxford Dictionary of Quotations, Oxford University
Press, New York, 1980, p. 111, No. 33.)

National  Infrastructure 

Those  infrastructures  essential  to  the  functioning  of  the  nation  and  whose  incapacity 
or  destruction  would  have  a  debilitating  regional  or  national  impact.  National 
infrastructures  include  telecommunications,  electrical  power  systems,  gas  and  oil 
transportation  and  storage,  water  supply  systems,  banking  and  finance,  transportation, 
emergency services, and continuity of government operations (Glossary of IM/IT & KM
Terms).  The  National  Infrastructure  Protection  Center  (NIPC)  accumulates  confidential 
data  on  infrastructure  incidents  including  the  nature  of  the  attack,  vulnerability  exploited, 
damage  sustained,  suspected  perpetrators,  apparent  source,  systems  affected,  security  in 
place, mitigation actions, date, and time. Defense Information Systems Agency reporting
guidelines are: within 2 hours for Category 1; within 24 hours for Category 2 (unusual
activity) (IRMC Developing Enterprise Security Strategies, Guidelines, and Policies
Course).

The  National  Infrastructure  Protection  Center  (NIPC): 
http://fas.org/irp/agency/doj/fbi/nipc/

NIPC legal issues: http://www.nipc.gov/legal/legal.htm.

The  optimist  proclaims  that  we  live  in  the  best  of  all  possible  worlds,  and  the  pessimist 
fears this is true. (James Branch Cabell, Leo Rosten's Carnival of Wit, E. P. Dutton & Co., New
York, 1994, p. 279.)

National Institute of Standards and Technology (NIST)—see Federal Information
Technology  Security  Assessment  Manual 

Part  of  the  Department  of  Commerce  and  formerly  the  National  Bureau  of  Standards, 
NIST  provides  standards  and  useful  publications  for  IT  and  IT  security.  The  Computer 
Security  Act  of  1987  (CSA)  (40  U.S.C.  759,  P.  L.  100-235,  January  8, 1988)  assigns  NIST 
responsibility  to  devise  cost-effective  security  and  privacy  standards  and  guidelines  as 
assisted by NSA. NIST also maintained DES as the encryption standard in the
government until computers advanced enough so that DES was insufficient in strength to
protect ciphertext. NIST publications include:

Information  Management  Directions:  the  Integration  Challenge,  Special  Publication  (SP) 
500-167. 

An  Introduction  to  Computer  Security:  The  NIST  Handbook,  Special  Publication  800-12 
(October  1995). 

Telecommunications  Security  Guidelines  for  Telecommunications  Management  Network, 
Special  Publication  800-13  (October  1995). 

Generally Accepted Principles and Practices for Security IT Systems, Special Publication
800-14 (October 1995).

Guide for Developing Security Plans for IT Systems, Special Publication 800-18.

Self-Assessment Guide for IT Systems, Special Publication 800-XX (March 9, 2001).

Application Portability Profile (APP): The U.S. Government's Open System
Environment Profile, Version 3.0 Computer Systems Technology (February 1996).

Malcolm Baldrige National Quality Award Criteria for Performance Excellence, 1998.
http://www.quality.nist.gov/, http://www.asq.org/,
http://csrc.nist.gov/cryptval/cmvp20Q2/nist.html (301) 975-3293
marianne.swanson@nist.gov (IRMC Assuring the Information Infrastructure Course,
Developing Enterprise Security Strategies, Guidelines, and Policies Course, Measuring
Results of Organizational Performance Course, New World of the CIO Course).

Internet Security Policy: A Technical Guide:
http://csrc.nist.gov/publications/nistbul/iti98-02.txt
NIST News and General Information:
http://www.nist.gov/public affairs/siteindex.htm
http://www.nist.gov/public affairs/contact.htm
http://www.nist.gov/public affairs/contact.htm#contacts
http://www.nist.gov/admin/foia/foia.htm.

1.  Engineering  is  done  with  numbers.  Analysis  without  numbers  is,  at  best,  only  an 
opinion.  2.  To  design  a  spacecraft  right  takes  an  infinite  amount  of  effort.  This  is  why  it's  a 
good  idea  to  design  them  to  operate  when  some  things  are  wrong.  3.  Design  is  an  iterative 
process.  The  necessary  number  of  iterations  is  one  more  than  the  number  you  have 
currently done. This is true at any point in time. (David Akin, professor, University of
Maryland, "Akin's Laws of Spacecraft Design" [received via Internet e-mail] and confirmed
by Dr. Akin dakin@umd.edu or DAKIN@SSL.UMD.EDU. See
http://spacecraft.ssl.umd.edu/academics/akins laws.html.)

National  Performance  Review  (NPR) — see  Performance  Measurement 

(IRMC Measuring Results of Organizational Performance Course). Vice President Al
Gore's initiative to improve Government performance.

http://govinfo.library.unt.edu/accessamerica/docs/meanbus.html
http://www.webmerchants.com/spectrum/npr.htm
http://es.epa.gov/program/exec/nprv'is-d.html
http://www.brook.edu/dybdocroot/gs/CPS/reinventing.htm.

When someone charged Rufus Choate with having accomplished a certain fine result
by accident, he exclaimed, "Nonsense, you might as well drop the Greek alphabet on the
ground and expect to pick up the Iliad." (Quoted by Jacob Braude in New Treasury of Stories
for Every Speaking and Writing Occasion, Prentice Hall Inc., Englewood Cliffs, NJ, June 1961,
p. 13.)

National  Security  System  (NSS) 

Any  telecommunications  or  information  system  operated  by  the  U.S.  government,  the 
function,  operation,  or  use  of  which:  (1)  involves  intelligence  activities;  (2)  involves 
cryptologic  activities  related  to  national  security;  (3)  involves  command  and  control  of 
military  forces;  (4)  involves  equipment  that  is  an  integral  part  of  a  weapon  or  weapons 
system;  or  (5)  is  subject  to  subsection;  or  is  critical  to  the  direct  fulfillment  of  military  or 
intelligence missions (Glossary of IM/IT & KM Terms).

There  once  was  a  King  who  offered  a  prize  to  the  artist  who  would  paint  the  best 
picture  of  peace.  Many  artists  tried.  The  King  looked  at  all  the  pictures,  but  there  were  only 
two  he  really  liked  and  he  had  to  choose  between  them.  One  picture  was  of  a  calm  lake.  The 
lake  was  a  perfect  mirror,  for  peaceful  towering  mountains  were  all  around  it.  Overhead 
was  a  blue  sky  with  fluffy  white  clouds.  All  who  saw  this  picture  thought  that  it  was  a 
perfect  picture  of  peace.  The  other  picture  had  mountains  too.  But  these  were  rugged  and 
bare. Above was an angry sky from which rain fell and in which lightning played. Down
the  side  of  the  mountain  tumbled  a  foaming  waterfall.  This  did  not  look  peaceful  at  all.  But 
when  the  King  looked,  he  saw  behind  the  waterfall  a  tiny  bush  growing  in  a  crack  in  the 
rock.  In  the  bush  a  mother  bird  had  built  her  nest.  There,  in  the  midst  of  the  rush  of  angry 
water,  sat  the  mother  bird  on  her  nest  ...  perfect  peace.  Which  picture  do  you  think  won  the 
prize?  The  King  chose  the  second  picture.  "Because,"  explained  the  King,  "peace  does  not 
mean  to  be  in  a  place  where  there  is  no  noise,  trouble,  or  hard  work.  Peace  means  to  be  in 
the  midst  of  all  those  things  and  still  be  calm  in  your  heart.  That  is  the  real  meaning  of 
peace."  (Internet  e-mail  story.) 

National Security Telecommunications and Information Systems Security Instruction
(NSTISSI)—see International Information Systems Security Certification Consortium and
System  Network  Assurance  Program 

National  Training  Standard  for  Information  Systems  Security  (INFOSEC)  Professionals 
(NSTISSI 4011, June 20, 1994, http://www.ndu.edu/irmc/nstissi.html) provides the
minimum  course  content  for  INFOSEC  professionals  in  telecommunications  security  and 
automated  information  system  security  as  required  by  NSTISSD  501.  The  site  also 
includes  the  NSTISSI  4009,  National  Information  Systems  Security  (INFOSEC)  Glossary; 
NSTISSI  4012,  National  Training  Standard  for  Designated  Approval  Authority  (DAA);  NSTISSI 
4013,  National  Training  Standard  for  Systems  Administrators  in  Information  Systems  Security 
(INFOSEC);  and  NSTISSI  4014,  National  Training  Standard  for  Information  System  Security 
Officers (ISSO). See Security Requirements for Automated Information Systems (DoDD 5200.28,
March 21, 1988) (IRMC Assuring the Information Infrastructure Course).

http://cryptome.org/nstissi-7003.htm
http://cryptome.org/nstissi-3003.htm
http://www.nstissc.gov/html/library.html
http://www.tscm.com/nstiss.html.

19. The odds are greatly against you being immensely smarter than everyone else in the
field. If your analysis says your terminal velocity is twice the speed of light, you may have
invented the warp drive, but the chances are a lot better that you've screwed up. (David
Akin, professor, University of Maryland, "Akin's Laws of Spacecraft Design" [received via
Internet e-mail] and confirmed by Dr. Akin dakin@umd.edu or DAKIN@SSL.UMD.EDU.
See http://spacecraft.ssl.umd.edu/academics/akins laws.html.)

National  Security  Telecommunications  Advisory  Committee  (NSTAC) 

Established  in  September  1982  by  Executive  Order  12382;  Defense  Information 
Systems  Agency  director  as  manager  of  National  Communications  System;  includes  30 
chief  executive  officers  from  telecommunications  and  information  industries;  a  joint 
government-industry  partnership  addressing  nuclear  era  concerns.  NSTAC  serves  as  a 
model  for  later  government-industry  partnerships  such  as  the  National  Security 
Information  Exchange  (NSIE).  Executive  Order  12472  (April  3, 1984),  Assignment  of 
National  Security  and  Emergency  Preparedness  (NS/EP)  Telecommunications  Functions, 
established  the  National  Communications  System  (group)  and  the  Committee  of 
Principals  for  the  federal  government  coordination  with  NSTAC  (IRMC  Assuring  the 
Information  Infrastructure  Course). 

It  is  well  that  war  is  so  terrible,  or  we  should  grow  too  fond  of  it.  (Robert  E.  Lee,  Leo 
Rosten's  Carnival  of  Wit,  E.  P.  Dutton  &  Co.,  New  York,  1994,  p.  499.) 

Natural  Language  Processing  (NLP) 

The process whereby a computer "understands" a human. This differs from automatic
speech  recognition  in  which  a  computer  merely  converts  oral  inputs  into  digital  for 
display  and  storage.  Automatic  speech  recognition  is  analogous  to  data  management  and 
NLP  is  analogous  to  information  management  (IM).  The  main  problem  with  NLP  lies  in 
converting  IM  to  KM.  KM  (realistic  understanding)  requires  context  recognition  that  is 
difficult  for  computers.  The  meaning  of  a  sentence  depends  upon  not  only  what,  but  also 
where,  when,  and  how  (and  perhaps  even  who  and  why)  it  is  spoken.  This  problem  is 
exacerbated  by  the  vagaries  of  language,  especially  English.  Internet  humor  lists  are 
replete  with  examples  of  puns  or  double  entendres  based  upon  the  multiple  and 
ambiguous  meanings  of  words  and  phrases.  Further,  languages  and  dialects  have 
regional  expressions  whose  meanings  are  unrelated  to  the  translations  of  their  component 
words.  Finally,  people  are  also  inclined  to  routinely  use  imprecise  or  incorrect  language 
that, if used frequently and prevalently within a culture, results in changes in official
dictionaries  over  time. 

Babelfish translation: http://world.altavista.com/

http://ai.iit.nrc.ca/subjects/Natural.html, http://sakharov.ai.mit.edu/Start.html;

http://www.sls.lcs.mit.edu/sls/about/people/root/whatwedo/root/whatwedo/root/whatwedo/root/whatwedo/applications.html
1-877-648-8255 Pegasus (flight status); 1-888-573-8255 Jupiter (weather);

http://babelfish.altavista.com/cgi-bin/translate (IRMC Critical Information Systems
Technologies Course).




Idealism  increases  in  direct  proportion  to  one's  distance  from  the  problem.  (John 
Galsworthy,  in  3,500  Good  Quotes  for  Speakers,  Gerald  F.  Lieberman,  Ed.,  Doubleday,  Garden 
City,  NY,  1983,  p.  119.) 

Navy  Marine  Corps  Intranet  (NMCI) 

A  Department  of  the  Navy  (DON)  initiative  to  provide  standardized  IT  functionality 
and  connectivity  throughout  DON  in  the  continental  United  States  and  selected  other 
locations.  It  is  implemented  by  the  IT  program  executive  officer  through  a  competitive 
seat  management  contract  with  a  large  vendor  team  led  by  EDS  Corp.  It  includes  35-40 
percent  participation  by  small  businesses.  NMCI  was  designed  to  interface  with  and  be 
compatible  with  IT-21.  Users  choose  between  several  levels  of  computing  and  service 
levels.  To  users,  it  resembles  other  "utilities,"  such  as  water,  telephone,  gas,  and 
electricity.  Unit  prices  were  low  (as  predicted)  due  to  the  large  quantities  involved  (up  to 
400,000  seats  in  total).  The  contract  is  valued  at  approximately  $7  billion.  Congressional 
and  optical  storage  device  concerns  and  directions  have  slowed  implementation  of  NMCI; 
however,  early  installation  has  resulted  in  successful  feedback.  NMCI  will  provide  greatly 
enhanced  security  for  the  DON  since  it  incorporates  public  key  infrastructure  and  digital 
signatures,  standardized  methods,  smart  cards,  and  (hopefully,  in  the  future)  biometrics. 
The  contract  includes  technical  upgrades  based  upon  industry  standards. 
http://enterprise.spawar.navy.mil/spawarpublicsite/ and http://www.peo-it.navy.mil.

Why  does  a  man  have  eyes  in  the  front  of  his  head?  ...  So  that  he  can  look  where  he  is 
going, not where he is coming from. (Gina Cerminara, Many Lives, Many Loves, William
Sloan  Associates,  New  York,  1963,  p.  143.) 

Need-to-Know 

The  necessity  for  access  to,  or  knowledge  or  possession  of,  specific  information 
required  to  carry  out  official  duties.  Need-to-know  complements  security  clearances  and 
classification.  Access  should  reflect  both  of  these  factors. 

A  little  knowledge  is  not  a  dangerous  thing;  the  danger  is  in  not  being  aware  that  it  is  a 
little.  ("The  Urge  to  Know,"  The  Royal  Bank  of  Canada  Monthly  Letter,  quoted  in  Rosicrucian 
Digest, 1974, Vol. LII, No. 12, December, p. 23.)

Net  Casting 

A  synonym  for  Web  casting. 

Ed Carlson, president of United Airlines: "Nothing is worse for morale than a lack of
information down in the ranks. I call it NETMA—Nobody Ever Tells Me Anything—and I
have tried hard to minimize that problem." (Thomas J. Peters and Robert H. Waterman, Jr.,
In Search of Excellence, Warner Books, New York, 1982, p. 267.)

Network Centric Warfare (NCW) — http://www.dodccrp.org/NCW/ncw.html

NCW  is  based  on  adopting  a  new  way  of  thinking  and  applying  it  to  military 
operations.  NCW  focuses  on  the  combat  power  that  can  be  generated  from  the  effective 
linking  or  networking  of  the  war  fighting  enterprise.  It  is  characterized  by  the  ability  of 
geographically  dispersed  forces  to  create  a  high  level  of  shared  battle  space  awareness 
that can be exploited via self-synchronization or self-organization to accomplish time-urgent
tasks and other network-centric operations to achieve commanders' intent. NCW
is not narrowly about technology, but broadly about an emerging military response to the
information age (Glossary of IM/IT & KM Terms) (cf. David Alberts, John Garstka, and
Frederick  Stein,  Network  Centric  Warfare,  CCRP  publication).  NCW  is  an  application  of 
systems  thinking  and  systems  engineering  to  military  operations.  Through  synergy,  the 
whole  is  larger  than  the  sum  of  the  parts.  For  instance,  to  defeat  an  incoming  target,  none 
of  the  platforms  available  to  the  commander  in  the  battle  zone  may  be  sufficiently  placed 
and  armed  to  succeed.  But  a  combination  of  platforms  could  be  combined  to  do  so.  For 
instance, one unit might locate the target, others track it, and still others fire upon it. It
also drastically reduces single-point failures and thus improves success rates and survivability.
With DON operations decentralized around the globe, equipment obsolescence, and
shrinking  infrastructure,  NCW  provides  a  better,  faster,  cheaper  alternative  to  more 
traditional  attrition  warfare. 

Thought  is  the  blossom;  language  is  the  bud;  action  is  the  fruit  behind  it.  (Ralph  Waldo 
Emerson,  Capital  M,  Metropolitan  Washington  Mensa,  1994,  Vol.  29,  No.  5,  May,  p.  2.) 

Networked  Improvement  Community  (NIC) — see  Section  508,  Value-Added  Networks, 
and  extensible  Markup  Language  (XML) 

Collaborative  workspaces  that  combine  the  functionality  of  Internet  chat  rooms  with 
the  document-storage  capabilities  of  a  KM  system.  They  facilitate  the  creation  of  more 
meaningful  partnerships  among  state  and  local  providers  of  government  services, 
community  groups,  businesses,  nonprofit  organizations,  and  the  public.  Businesses  are 
the  most  sophisticated  users  of  NICs,  which  help  them  manage  customer  and  partner 
relationships.  A  good  example  is  the  Open  Electronic  Book  Forum  (OEBF)  that  includes 
traditional  media  publishers,  electronic  publishers,  hardware  manufacturers,  software 
developers,  and  various  other  organizations,  including  disability  organizations  and 
access-technology  providers.  The  purpose  of  OEBF  is  to  create  and  establish  XML 
standards  for  electronic  book  technology  and  to  promote  this  technology.  OEBF  books 
produced  by  any  publisher  will  be  readable  on  any  manufacturer's  OEBF-compliant 
device.  The  agreements  necessary  for  cross-platform  compatibility  are  critical  to  success. 
All  partners  know  that  multiple  approaches  taken  independent  of  one  another  will  result 
in  market  failure. 

NICs  that  take  advantage  of  Internet-based  collaborative  workspaces  are  one  of  the 
best  approaches  available  to  government  program  managers  who  are  looking  to  create 
innovative  e-government  projects  that  will  mitigate  digital  disparities.  Innovative  e- 
government  projects  exhibit  several  common  characteristics,  including  the  use  of  public- 
private  partnerships,  alliances  with  stakeholders,  interagency  cooperation,  and  a  focus  on 
end  users.  These  characteristics,  all  of  which  show  openness  to  accommodating 
difference,  are  inherently  citizen-centric,  and  fit  naturally  within  the  current  e- 
government  mandates.  Collaborative  workspaces  can  play  a  successful  role  in  fostering 
an  end-user  focus  by  providing  government  program  managers  with  the  networked 
improvement  community  space  needed  to  build  public-private  partnerships  and 
stakeholder  alliances  as  well  as  to  enhance  interagency  cooperation.  Collaborative 
workspaces do this by combining the functionality of Internet chat rooms with the
document storage capabilities of a KM system. These spaces also allow the government to
interact with a broader segment of the public, many of whom are currently the most under-served
in terms of government goods and services. This interaction can help both entities
by  allowing  the  under-served  to  become  partners  in  innovation  with  the  government  and 
help  it  identify  new  tools  and  technologies  to  provide  greater  access  to  information. 

A  recent  successful  government  application  of  the  NIC  approach  was  the 
Environmental  Protection  Agency’s  (EPA)  online  dialogue  held  in  July,  2001,  which  was 
directed  at  certain  groups,  including  consumers,  environmental  and  advocacy  groups, 
and  minorities.  EPA  used  the  online  dialogue,  which  attracted  1,200  users,  to  gather 
comments  on  EPA’s  draft  public  involvement  policy.  The  dialogue  was  structured  in  a 
manner  similar  to  an  in-person  meeting,  starting  each  day  in  the  morning  with  an  online 
posting  of  the  daily  topic,  an  introduction,  and  comments  made  by  a  panel  of  experts. 
Approximately  100  to  200  messages  were  received  each  day,  subsequently  summarized, 
and  then  sent  to  all  of  the  participants.  While  the  dialogue  did  not  replace  the  traditional 
Federal  Register  publication  and  respective  comment  period,  it  did  allow  EPA  another 
venue in which to gather and share stakeholder comments. (Susan Turnbull, Extending
Digital Dividends: Public Goods and Services that Work for All, the Federal Architecture and
Infrastructure Committee of the Federal CIO Council's guide, on the Federal CIO Council
Knowledge Management Working Group CD, distributed by the DON CIO (Susan
Turnbull, 202-501-6214, susan.turnbull@gsa.gov).)

War  talk  by  men  who  have  been  in  a  war  is  always  interesting;  whereas  moon  talk  by  a 
poet  who  has  not  been  in  the  moon  is  likely  to  be  dull.  (Mark  Twain,  in  3,500  Good  Quotes  for 
Speakers, Gerald F. Lieberman, Ed., Doubleday, Garden City, NY, 1983, p. 181.)

Neural  Networks  (NNs) 

A type of artificial intelligence that mimics human neural processing. These networks
look for data patterns useful for classification, predicting, and forecasting. They are used
for data mining and exploration, fraud detection, and medical diagnoses (e.g., papnet,
lung cancer, autism). They use past examples of solved problems to deduce patterns.
They are better than expert systems for hidden and difficult-to-discern patterns. A neural
network is trained, like a child, using a multiplicity of instances of past occurrences.
Inputs and outputs are known, but the relationship between them is unknown or unclear.
About 90 percent of the cases are used to construct or instruct the neural network, and the
other 10 percent are used to test it. Papnet is a NN that classifies pap smears as cancerous
or not. While Papnet costs $25 more than using a human, it has only a 3 percent false
negative rate versus up to 50 percent for humans. Most credit card companies now use
NNs to detect fraud. See http://www.ward.systems.com and
http://www.brainmaker.com (IRMC New World of the CIO Course).
http://ai.iit.nrc.ca/subjects/Expert.html; http://www.nd.com/index.htm (IRMC Critical
Information Systems Technologies Course).

Most  men  would  rather  die,  than  think.  Many  do.  (Bertrand  Russell,  quoted  by  Jim 
Collins, Good to Great, Harper Business, New York, 2001, p. 144.)

Nodes

Nodes  are  the  components  of  a  network.  In  social  network  analysis,  people  or 
employees  are  the  nodes.  The  nodes  are  connected  by  channels  along  which  knowledge, 
information,  and  data  flows.  In  an  IT  network,  computers,  servers,  routers,  and  other 
elements  make  up  the  set  of  nodes.  Nodes  can  vary  considerably  in  function  and 
importance  to  the  overall  system.  For  instance,  Malcolm  Gladwell,  in  The  Turning  Point, 
describes  several  types  of  social  network  nodes  of  primary  importance  to  creating 
paradigm  or  culture  shifts  within  an  enterprise.  He  calls  these  connectors,  mavens,  and 
salesmen. 


Learning  without  thought  is  labor  lost;  and  thought  without  learning  is  perilous. 
(Confucius,  The  Wisdom  of  Confucius,  Peter  Pauper  Press,  Mt.  Vernon,  NY,  1963,  p.  42.) 


NonLinear Systems (NLS) — see Systems Thinking

A  nonlinear  system  (or  equation)  is  any  system  (or  equation)  that  is  not  linear.  Linear 
equations are of the form y = ux + b where x is the independent variable (horizontal axis), u
is the slope of the line; and b is the intercept (a constant) on the y (vertical) axis. In a linear
equation,  there  is  only  one  independent  variable  (or  factor)  and  the  result  is  a  straight  line, 
either  ever  increasing  (/)  or  ever  decreasing  (\).  Nonlinear  systems  or  equations  have 
more  than  one  variable.  Human  characteristics  virtually  always  map  onto  the  normal 
distribution (Gaussian distribution) that can be described by the mean (or average, μ) and
the  standard  deviation.  Thus  the  normal  distribution  has  2  variables  and  is  nonlinear. 
While  many  people  use  linear  approximations,  very  few  situations  in  reality  are  linear. 
Even  the  temperature  versus  volume  of  water  is  nonlinear,  since  water  expands  near  the 
freezing  point.  Therefore,  linear  approximations  to  reality  are  almost  always  rmjustified 
and  inaccurate.  Rather,  reality  is  based  upon  complex  systems  (sometimes  called  chaotic 
systems).  Systems  thinking  is  an  approach  to  deal  with  nonlinearity.  Malcolm  Gladwell 
describes  real-world  nonlinear  effects  in  The  Tipping  Point;  it  has  also  been  called  the 
butterfly  effect  (IRMC  Leadership  for  the  21'*  Century  Course).  Linear  systems  are  related 
to  the  process  of  analysis  wherein  a  whole  is  decomposed  into  its  parts  to  attempt  to 
describe  and  understand  it.  Nonlinear  systems  are  related  to  the  opposite  process  of 
synthesis  (or  integration),  in  which  a  whole  is  created  synergistically  from  its  parts  that 
are  related  by  their  interactions  with  each  other  and  with  the  whole. 


Linear Versus Nonlinear Systems Compared

            Variables  Shape          MBTI  Process    Sampling     Scope    Management
Linear      One        Straight line  ST    Analysis   Discrete     Simple   Stovepipes
Nonlinear   Many       Curved line    NF    Synthesis  Statistical  Complex  IPTs

By  introducing  the  unavoidable  involvement  of  the  observer  in  the  effect,  the 
Heisenberg  uncertainty  principle  has  necessarily  eliminated  linear  systems  as  a  viable 
model for modern physics.

Life is not only rational. You are not fully adapted to life by a merely rational attitude.
To a certain extent you have to keep your senses open to the nonrational aspects of
existence. (C. G. Jung, Letters, Vol. 7, Bollingen Series 95, 1906-50, Gerhard Adler and Aniela
Jaffe, Eds., Princeton University Press, Princeton, NJ, 1953, p. 359, 2ff.)

There  are  no  straight  lines  in  nature.  (Stephen  Denning,  The  Springboard,  Butterworth- 
Heinemann,  Boston,  2001,  p.  108.) 

Nonrepudiation 

A  system  with  nonrepudiation  provides  the  sender  with  proof  of  delivery  and  the 
recipient  with  proof  of  the  sender's  identity.  Thus,  neither  can  later  deny  having 
processed  the  data.  Nonrepudiation  is  the  "N"  in  the  information  assurance  acronym, 
CIANA  (confidentiality,  integrity,  availability,  nonrepudiation,  and  authentication), 
which  itemizes  the  major  factors  in  computer  security.  Public  key  infrastructure  (PKI) 
with  digital  signatures  and  hashes  provides  nonrepudiation.  Under  recent  Presidential 
directives,  digital  signatures  will  be  accepted  as  legal  proof  of  signature  for  all  but  a 
handful  of  specified  documents.  This  change  in  policy  should  greatly  alleviate  some  of  the 
roadblocks  to  electronic  business  and  commerce.  Presently,  Internet  merchants  use  secure 
socket  layer  (SSL)  encryption  to  protect  the  buyer's  order  and  credit  card  number,  but 
have  no  assurance  that  the  buyer  is  legitimate.  They  can  only  rely  on  the  validity  of  the 
credit  card  used  and  take  reasonable  risks  to  make  their  sales.  Widespread  use  of  PKI  and 
digital  signatures  would  afford  merchants  a  distinct  reduction  in  transmission/ordering 
risk, though the risks to digital certificates would remain.
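
The two proofs in this definition, shown as an added example that is not part of the original encyclopedia: the buyer signs the order (proof of the sender's identity) and the merchant signs a receipt over the order's hash (proof of delivery). Python's standard library has no RSA or ECDSA, so a Lamport one-time hash-based signature stands in for the PKI signature; the function names and the sample order are assumptions, and in a real PKI a certificate would bind each public key to its owner.

```python
import hashlib
import hmac
import secrets


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    """One-time Lamport key pair: 256 pairs of secrets and the hashes of those secrets."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    public = [(_h(s0), _h(s1)) for s0, s1 in private]
    return private, public


def _digest_bits(message: bytes):
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(private, message: bytes):
    # Reveal one secret per bit of SHA-256(message).
    # A Lamport key must never sign a second message: each signature leaks half the key.
    return [private[i][bit] for i, bit in enumerate(_digest_bits(message))]


def verify(public, message: bytes, signature) -> bool:
    if len(signature) != 256:
        return False
    ok = True
    for i, bit in enumerate(_digest_bits(message)):
        ok &= hmac.compare_digest(_h(signature[i]), public[i][bit])
    return ok


def mac_tag(shared_key: bytes, message: bytes) -> bytes:
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def demo():
    order = b"constructed sample: buyer-17 orders 3 beach balls"
    altered = b"constructed sample: buyer-17 orders 300 beach balls"

    # Shared-key MAC: gives integrity, but the merchant holds the same key and can
    # tag any order, so a valid tag proves nothing to a third party.
    shared = secrets.token_bytes(32)
    tag_made_by_merchant = mac_tag(shared, altered)
    mac_forgeable = hmac.compare_digest(tag_made_by_merchant, mac_tag(shared, altered))

    # Signatures: only the holder of the private key can produce them.
    buyer_private, buyer_public = keygen()
    merchant_private, merchant_public = keygen()
    order_signature = sign(buyer_private, order)        # proof of sender's identity
    receipt = b"received:" + _h(order)
    receipt_signature = sign(merchant_private, receipt)  # proof of delivery

    return {
        "buyer_signature_valid": verify(buyer_public, order, order_signature),
        "altered_order_rejected": not verify(buyer_public, altered, order_signature),
        "receipt_valid": verify(merchant_public, receipt, receipt_signature),
        "receipt_for_other_order_rejected": not verify(
            merchant_public, b"received:" + _h(altered), receipt_signature),
        "mac_forgeable_by_recipient": mac_forgeable,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
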

"You look a little drawn," he said. "I feel drawn. By an artist with a broken arm." (Doug
Allyn, Icewater Mansions, St. Martin's Press, NY, 1995, p. 193.)

Object-Oriented Programming (OOP)

A  programming  method  that  combines  data  and  software  instructions  into  a  self- 
sufficient  "object"  that  can  be  used  by  several  programs.  Java  and  C++  (the  modern 
programming  languages)  are  OOPs. 

http://catalog.com/softinfo/objects.html
http://www.traininghott.com/Courses/Object-Oriented-Analysis-Design-Hands-On-Training-Course-Class-Seminar-OOAD-OO.htm
http://www.quiver.freeserve.co.uk/OOP1.htm
http://webopedia.internet.com/TERM/o/object_oriented_programming_OOP.html

The  path  to  paradise  leads  through  the  world  of  reality.  (Rebbe  Naphtali  of  Ropshitz 
[the Ropshitzer], quoted by Elie Wiesel in Four Hasidic Masters, University of Notre Dame
Press,  London,  1978,  p.  110.) 

Office  of  Management  and  Budget  (OMB) — see  A-11,  A-76,  and  A-130 

OMB  is  a  federal  executive  agency  that  provides  policy  across  the  executive  branch 
(the  Departments  of  the  Cabinet  etc.).  OMB  has  issued  several  circulars  directly  affecting 
IT. 


An  Abbot  Labs  executive  said:  "Planning  is  priceless,  but  plans  are  useless."  (Jim 
Collins,  Good  to  Great,  Harper  Business,  New  York,  2001,  p.  123.) 

OnLine  Analytical  Processing  (OLAP) 

OLAP  is  a  software  technique  for  performing  data  mining  functions.  It  is  a 
complement  to  online  transaction  processing  (OLTP).  It  enables  a  user  to  easily  and 
selectively  extract  and  view  data  from  different  points  of  view.  For  example,  a  user  can 
request that data be analyzed to display a spreadsheet showing all of a company's beach
ball  products  sold  in  Florida  in  the  month  of  July,  compare  revenue  figures  with  those  for 
the  same  products  in  September,  and  then  see  a  comparison  of  other  product  sales  in 
Florida  in  the  same  period.  To  facilitate  this  kind  of  analysis,  OLAP  data  is  stored  in  a 
"multidimensional"  database  (adapted  from  Glossary  of  IM/IT  &  KM  Terms).  OLAP  can  be 
applied  to  data  warehouses  or  data  marts.  Some  vendors  claim  to  have  data  mining  tools 
significantly  superior  to  OLAP.  OLAP  allows  users  to  drill  down — obtaining  more 
granular  views  of  the  data  as  well  as  to  slice  and  dice — flip  data  dimensions  around  to  get 
a  new  perspective  of  the  data  (i.e.,  cross  tabulate  it)  (IRMC  New  World  of  the  CIO 
Course). OLAP applications include: executive information systems, spreadsheet analysis,
trend  analysis,  ad  hoc  and  periodic  reporting,  presentations,  and  policy  analysis.  Uses 
include:  financial  modeling,  exception  reporting,  resource  allocation,  capacity  planning, 
variance  analysis,  customer  and  product  profitability  analyses,  promotion  planning,  sales 
forecasting,  and  market  share  analysis.  Types  include:  desktop  (DOLAP)  for  use  on 
personal  computers;  relational  (ROLAP),  which  creates  data  tables  from  which  users 
build cubes; and multidimensional (MOLAP), which stores data in prebuilt
multidimensional data cubes. But individual OLAP tools do not provide full
functionality, OLAP lacks standards, and the three types are not interoperable. See "Web
OLAP-related Publications" http://www.cognos.com/.

http://altaplana.com/SuperSTAR.html and http://www.businessobjects.com/ (IRMC Data
Management Strategies and Technologies Course).

From Gary Flacker's HR Metrics News consolidated from Issues 1-5 (OPM):

FedScope: www.fedscope.opm.gov 12/01. FedScope is an On Line Analytic Processing
tool  that  provides  a  free  and  easy  way  to  access  and  analyze  a  large  array  of  Federal 
employment  data  on  your  own. 

Fishing for fresh thoughts in a pool of memories. (Stephen Denning, The Springboard,
Butterworth-Heinemann, Boston, 2001, p. 57.)

OnLine  Transaction  Processing  (OLTP) 

A real time software/network that permits transactions to be entered and retrieved by
computer.  It  is  used  in  many  business  applications  such  as  rental  car  companies, 
consumer  sales,  credit  card  checks,  airline  reservation  systems,  etc.  (IRMC  Data 
Management  Strategies  and  Technologies  Course). 

Like most overnight successes, it was about twenty years in the making. (Sam Walton,
Wal-Mart, quoted by Jim Collins, Good to Great, Harper Business, New York, 2001, p. 191.)

Open  System — see  Systems  Engineering 

An  open  system  is  a  system  that  is  not  self-contained  but  rather  interacts  directly  with 
its  environment.  Thus,  open  systems  are  best  measured  through  outcome  versus  output 
metrics.  Open  systems  are  facilitated  by  the  use  of  standard  interfaces,  services,  and 
supporting  formats  that  are  often  provided  by  standard  contractor  off-the-shelf 
applications  (such  as  Netscape  or  Internet  Explorer).  Open  systems  interoperate  with 
other,  frequently  remote,  systems  and  users.  With  the  decline  of  military  specifications 
and standards, the joint technical architecture (JTA) was created to itemize well-defined,
widely  used,  preferably  nonproprietary  interfaces  and  protocols,  standards  that  are 
developed  or  adopted  by  recognized  standards  bodies  or  the  commercial  marketplace, 
defined  system  interfaces  to  facilitate  new  or  additional  systems  capabilities  for  a  wide 
range  of  applications,  and  explicit  provisions  for  expansion  or  upgrading  through  the 
incorporation  of  additional  or  higher  performance  elements  with  minimal  impact.  Open 
systems  are  made  adaptable  through  implementation  of  open  systems  architectures  that 
allow  addition,  subtraction,  and  modification  of  system  elements  without  major 
modifications.  While  the  use  of  standards  facilitates  establishment  and  maintenance  of 
open  systems,  legacy  systems  can  be  transitioned  to  open  systems  through  judicious  use 
of  middleware  that  is  often  the  only  cost-effective  method  for  such  systems.  See  L.  von 
Bertalanffy's "The Theory of Open Systems in Physics and Biology" (Science, 1950, 3, pp.
23-9). Open systems are sometimes referred to as standards-based systems (IRMC
Advanced Software Acquisition Management Course).

A mind is like a parachute, it only functions when it's open. (Defense Systems
Management College, Manufacturing Management Department Quote of the Day No. 3.)

Open systems joint task force: http://www.acq.osd.mil/osjtf
Open Systems: The Promises and the Pitfalls:
http://www.sei.cmu.edu/products/courses/open.systems.html.

Operating  System  (OS) 

An  operating  system  is  a  software  program  that  interacts  directly  with  the  hardware, 
creating  an  environment  for  applications  packages.  Operating  systems  are,  therefore, 
computer  (actually  processor)  dependent.  For  instance,  operating  systems  for  IBM 
personal  computers  (PCs)  differ  from  those  for  Macintosh  computers.  However,  a 
particular  software  manufacturer  will  often  produce  different  versions  of  an  operating 
system  to  run  on  different  kinds  of  computers.  Thus  there  are  Microsoft  Windows 
versions  for  both  PCs  and  Apple  computers.  The  operating  system  controls  the  execution 
of  software  on  the  computer  and  provides  several  services  such  as  resource  allocation, 
scheduling,  input  and  output  control,  and  data  management.  Windows  operating  systems 
have replaced disk operating systems (DOS) in virtually all modern personal computers,
transforming  them  into  interactive  systems,  versus  serial  processors. 

21.  (Larrabee's  Law)  Half  of  everything  you  hear  in  a  classroom  is  crap.  Education  is 
figuring out which half is which. (David Akin, professor, University of Maryland, "Akin's
Laws of Spacecraft Design" [received via Internet e-mail] and confirmed by Dr. Akin
dakin@umd.edu or DAKIN@SSL.UMD.EDU. See
http://spacecraft.ssl.umd.edu/academics/akins_laws.html.)

Operational  Architecture  (OA)— see  Architecture 

A  description  (often  graphical)  of  the  operational  elements,  assigned  tasks,  and 
information  flows  required  to  support  the  warfighter.  It  defines  the  type  of  information, 
the  frequency  of  exchange,  and  what  tasks  are  supported  by  these  information  exchanges 
(Information  Management  [IM]  Strategic  Plan:  Information  Superiority  version  2.0,  DoD 
CIO,  October  1999,  p.  E36)  (IRMC  Measuring  Results  of  Organizational  Performance 
Course).  An  OA  defines  the  type  of  information,  the  frequency  of  exchange,  and  what 
tasks  are  supported  by  these  information  exchanges.  Its  primary  purpose  is  to  define 
activities and information exchange requirements (IERs). OAs start with doctrine and
assigned tasks that drive the definition of an activity model. Activity descriptions are not
based on organizational models or force structure. Activity descriptions (which may cross
organizational boundaries) are used to define the data model and IERs (which cross
organizational  boundaries).  OAs  are  systems-dependent  (IRMC  Advanced  Software 
Acquisition  Management  Course). 

Those  who  know  how  to  win  are  much  more  numerous  than  those  who  know  how  to 
make  proper  use  of  their  victories.  (Polybius  [c.208-126  B.C.],  History,  X,  36  from  Familiar 
Quotations by John Bartlett, Little, Brown & Co., Boston, 1968, p. 107.)

Operational Definition

A  description  for  a  measurement  that  defines  the  operational  means  by  which  data 
will  be  collected  and  the  rules  or  procedures  by  which  numerical  values  will  be  assigned 
to  cases  being  measured  (IRMC  Measuring  Results  of  Organizational  Performance 
Course). 


More  generally,  of  course,  introducing  the  "knower" — or  meaning  of  an 
"observation" — into  the  measurement  process  puts  us  in  direct  conflict  with  some 
fundamentals  in  the  philosophy  of  science.  With  the  notable  exception  of  Heisenberg's 
uncertainty  principle  in  quantum  mechanics,  the  whole  point  of  measurement  theory  is  to 
remove  the  knower  from  the  process.  Yet,  it  is  precisely  context  that  gives  meaning  to 
information  thus  creating  knowledge — and  results  in  different  knowers  valuing  the 
superficially  "same"  piece  of  knowledge  differently.  Measuring  the  knower  involves 
incorporating  notions  such  as  "context"  and  "subjective  interpretation" — traditionally  the 
domain  of  psychology  and  other  "softer"  disciplines— into  our  formal  investigations.  (Rashi 
Glazer,  "Measuring  the  Knower:  Towards  a  Theory  of  Knowledge  Equity,"  California 
Management  Review,  Berkeley,  CA,  Spring  1998,  Vol.  40,  Issue  3,  pp.  175-194.) 

Operations SECurity (OPSEC)

Process  denying  information  to  potential  adversaries  about  capabilities  and  intentions 
by  identifying,  controlling,  and  protecting  sensitive  information  from  unauthorized  access 
and  manipulation. 


Most  victories  come  from  instantly  exploiting  your  enemy's  stupid  mistakes,  and  not 
for  any  brilliance  in  your  own  plan.  (Orson  Scott  Card,  Shadow  of  the  Hegemon,  Tom  Doherty 
Associates, New York, 2000, p. 111.)

Optical  Fiber  (or  Fiber  Optic) 

Refers  to  the  medium  and  the  technology  associated  with  the  transmission  of 
information  as  light  pulses  along  a  glass  or  plastic  wire  or  fiber.  Optical  fiber  carries  much 
more  information  than  conventional  copper  wire  and  is  in  general  not  subject  to 
electromagnetic interference and transmission errors. Most telephone company long-distance
lines are now of optical fiber (Glossary of IM/IT & KM Terms).

Seeing  is  an  art;  it  must  be  learned.  (John  Constable,  Leo  Rosten's  Carnival  of  Wit,  E  P 
Dutton  &  Co.,  New  York,  1994,  p.  53.) 

Optical  Storage  Device  (OSD) 

OSDs  use  light  to  record  data.  They  include  compact  disks-read-only  memory  (CD- 
ROM)  of  660  Mb,  compact  disk-recordable  (CD-R),  compact  disk-re-writable  (CD-RW), 
and digital versatile disk (DVD). CDs use 1.6 x .83 micron spacing; DVDs use .74 x .4
micron spacing. DVDs hold about 8 times the amount of CDs = 4.7 Gbytes of information,
enough for a 133-minute movie. It can hold 17 gigabytes of video, audio, or multimedia
with two layers on each of its two sides. DVD drives play CDs as well, but not vice versa.
The DVD transfer rate is faster than that of CDs. DVD-RAM (DVD Forum-Hitachi,
Toshiba, etc.) for video versus DVD+RW (HP/Philips/Sony) for computer data and data
interchange. At present no standard format exists. Magneto-optical disks (MO disks) are
re-recordable and easily transportable; they have high capacity and relatively high access
speeds. A 5-inch MO disk holds 650 Mb, 1.3 Gb, or 2.6 Gb, but must be manually flipped.
They  use  both  magnetic  and  optical  technologies  to  obtain  ultra-high  data  density  (IRMC 
Data  Management  Strategies  and  Technologies  Course). 

Good  products  don't  make  winners;  winners  make  good  products.  Look  at  how  tasks 
are  performed.  Who's  responsible?  (Michael  Hammer  and  James  Champy,  Reengineering  the 
Corporation,  Harper  Business,  New  York,  1993,  p.  25.) 

Orange  Book— Trusted  Computing  System  Evaluation  Criteria  (TCSEC) 

DoD-STD  5200.28,  from  National  Security  Agency's  Rainbow  series,  the  security 
standard  that  has  an  orange  cover  and  so  was  dubbed  "the  orange  book."  It  is  overkill  for 
sensitive  but  unclassified  (SBU)  systems,  does  not  favor  contractor  off-the-shelf  or  open 
systems,  and  is  being  evolved  into  an  international  standard  (the  common  criteria)  which 
attempts  to  extend  the  functionality  and  applicability  of  trusted  methods  to  networked 
systems.  Also  see  National  Industrial  Security  Program  Operating  Manual  (NSPOM,  DoD- 
STD  5220.22-M)  (IRMC  Advanced  Software  Acquisition  Management  Course). 


The Trusted Computer System Evaluation Criteria (TCSEC)

Protection Level  Minimal (D)  Discretionary (C)       Mandatory (B)     Verified (A)
Sublevel 1        No D1        Discretionary security  Labeled security  Verified design
Sublevel 2        No D2        Controlled access       Structured        No A2
Sublevel 3        No D3        No C3                   Security domains  No A3

Features by protection level:

Minimal (D): No features

Discretionary (C): Identification and authentication; discretionary access controls; object reuse; audit; security testing; system architecture (process isolation)

Mandatory (B): Labels; mandatory access control; design specification and verification; covert channel access; trusted facility management; configuration management; security testing (penetration); system architecture (SWE); trusted recovery

Verified (A): Design specification and verification (formal verification); trusted distribution; covert channel analysis (formal covert channel analysis)

To  obtain  a  free  copy,  contact  Rainbow  Series,  INFOSEC  Awareness  Division,  Attn: 
IAOC, Ft. George G. Meade, MD, 20755-6000; 410-766-8729.


We never punish failure. We only punish sloppy execution and the failure to recognize
reality.  (Bruce  Marlow,  chief  operating  officer  of  Progressive  Insurance.) 

Management  systems  should  reward  people  who  try  good  ideas  that  fail,  not  punish 
them.  At  Motorola  the  motto  is,  "We  celebrate  noble  failure."  (Michael  Hammer  and  James 
Champy, Reengineering the Corporation, Harper Business, New York, 1993, p. 106.)

Ordinal Rating Scale — see Likert and Comparative Scales and Questionnaires

A  scale  used  in  questionnaires  and  rating  forms  in  which  the  respondent  merely 
checks  off  or  circles  the  point  in  the  scale  that,  in  his  or  her  opinion,  best  answers  the 
question  posed  by  the  item.  One  point  in  the  scale  represents  a  higher  or  lower  value  than 
the  one  next  to  it,  but  the  amount  of  the  interval  between  scale  points  carries  no  meaning 
(IRMC  Measuring  Results  of  Organizational  Performance  Course).  The  alphabet  can  be 
used  as  an  ordinal  scale — the  letters  have  a  given  order  but  no  relative  value.  It  represents 
a  low  level  in  the  theory  of  measurement  or  numbers.  Beyond  the  ordinal  system  is  the 
integer  system  (using  whole  numbers  only)  in  which  the  difference  between  the  items 
(numbers)  has  meaning— invoking  many  of  the  laws  of  arithmetic.  Centigrade  and 
Fahrenheit  also  include  negative  and  fractional  numbers  but  are  still  relative  scales. 
Beyond  them  is  the  ratio  scale  (e.g.,  Kelvin  temperatures)  that  has  a  true  zero  so  that  the 
ratios  formed  from  the  items  in  the  scale  are  meaningful.  In  other  words,  40  degrees 
Fahrenheit  or  Centigrade  is  not  twice  as  hot  as  20  degrees,  but  it  is  twice  as  hot  in  Kelvin. 
An  ordinal  scale  could  be:  3  =  high,  2  =  medium,  1  =  low. 

It is well said that there are three of every man; That which he is, that which he only
thinks he is, and that which he really had intended to become. (Ernest Bramah, Kai Lung
Unrolls his Mat, Ballantine Books, New York, 1974, p. 87.)

Organizational  Learning — see  Learning  Organization 

The  continuous  testing  of  experience  and  the  transformation  of  that  experience  into 
knowledge, accessible to the organization and relevant to its core purpose. (Glossary of
IM/IT & KM Terms, DON CIO) The capacity of an organization to acquire the knowledge
necessary  to  survive  and  compete  in  its  environment  (DON  CIO's  Organizational  e- 
Learning  CD).  Of  course,  organizations,  as  artificial  human  constructs,  cannot  actually 
think  or  learn— so  this  term  is  metaphorical.  Nevertheless,  through  judicious  use  and 
maintenance  of  such  devices  as  knowledge  repositories,  organizations  can  accumulate 
knowledge.  Presently,  only  individual  humans  can  actually  translate  information  into 
knowledge,  actually  learn,  let  alone  achieve  wisdom.  Organizations  cannot  create  high- 
performing  systems  (HPSs)  or  flow  either,  but  they  can  have  atmospheres  or  cultures 
which  facilitate  or  are  conducive  to  flow  and  HPSs. 

Several  KM  and  management  books  address  this  situation  including:  In  Good  Company 
by Don Cohen and Laurence Prusak and In Search of Excellence by Thomas J. Peters and
Robert  H.  Waterman,  Jr.  From  a  slightly  different  perspective,  however,  organizational 
learning  can  be  viewed  as  learning  through  collaboration.  Group  learning,  such  as 
brainstorming and the use of decision collaboration tools (such as used, for instance, at the
National  Defense  University),  can  be  viewed  as  intermediary  between  individual  and 
organizational  learning.  Organizational  learning  in  a  real,  versus  theoretical,  sense  may  be 
limited  by  the  size  of  the  organization.  Several  authors  have  asserted  that  organizations 
must  be  limited  to  150  to  200  people  to  optimize  human  interaction — despite  physical 
economies  of  scale.  The  limitation  cited  is  that  each  person  must  be  able  to  identify  or 
know  each  other  person.  The  organization  might,  for  instance,  be  a  plant  or  facility.  Like 
microorganisms or bees, such companies or enterprises will split into parts when they
exceed this preset limitation. Additional research is needed in this area regarding
organizational sizes, Myers-Briggs preferences, flow, etc.

The Society for Organization Learning: http://www.solonline.org/.

Only a thing that changes and evolves lives, but static things mean spiritual death. (C.
G. Jung, Letters, Vol. 2, Bollingen Series 95, 1951-61, Gerhard Adler and Aniela Jaffe, Eds.,
Princeton University Press, Princeton, NJ, 1953-75, p. 711.)

No  one  ...  is  so  young  he  cannot  teach  or  so  old  he  cannot  learn.  (Marion  Zimmer 
Bradley,  The  World  Wreckers,  Ace  Books,  New  York,  1971,  p.  61.) 

Outcome  Measure(s),  Outcomes — see  Feedback  and  Metrics 

Measurements relating to the results of the customer using the organization's
products and services (IRMC Measuring Results of Organizational Performance Course).
"An outcome is the resulting effect of the investment on mission accomplishment"
(Defense Information Systems Agency Performance Planning Guidance for Fiscal Year 1998,
p. 4). A measure of mission accomplishment effectiveness involving external entities or
customers.

Only a life lived for others is a life worthwhile. (Albert Einstein, quoted by Jacob Braude
in New Treasury of Stories for Every Speaking and Writing Occasion, Prentice Hall Inc.,
Englewood Cliffs, NJ, June 1961, p. 408.)

Output  Measure(s),  Outputs — see  Feedback  and  Metrics 

Measurements  of  the  quantity,  quality,  or  timeliness  of  work  products  and  services 
provided  by  the  organization  and  supplied  to  the  customer  and  target  users  (IRMC 
Measuring  Results  of  Organizational  Performance  Course).  Output  measures  are 
generally  internal  measures  within  a  system  and  do  not  adequately  reflect  system  or 
organizational  effectiveness. 

Q. E. D. = quod erat demonstrandum (Which it was necessary to demonstrate). (Euclid
[300 B.C.] Elements, proposition 5, from Familiar Quotations by John Bartlett, Little, Brown &
Co., Boston, 1968, p. 103b.)

Packet

A  small,  self-contained  parcel  of  data  sent  across  a  computer  network  or 
communications  line.  Each  packet  contains  a  header  that  identifies  the  sender  and 
recipient and data to be delivered (from Glossary of IM/IT & KM Terms).

Epigrams succeed where epics fail. (Persian proverb, in 3,500 Good Quotes for Speakers,
Gerald F. Lieberman, Ed., Doubleday, Garden City, NY, 1983, p. 84.)

Packet  Filtering 

Process whereby a firewall prohibits connection to untrusted or undesired sites by
filtering  packet  requests.  Sites  can  be  Internet  Web  sites  or  e-mail  senders  and  receivers. 

Protection? I'd be safer dancing Swan Lake in a buffalo stampede. (Doug Allyn, Icewater
Mansions,  St.  Martin's  Press,  NY,  1995,  p.  191.) 

Palm™ 

The  trade  name  for  a  popular,  handheld  personal  digital  assistant  (PDA)  or  palmtop 
computer.  Originally  the  Palm,  which  is  used  mainly  for  personal  organization,  wireless 
e-mail,  note-taking,  and  electronic  games,  was  called  the  Palm  Pilot.  It  was  introduced  in 
1996  by  Palm  Computing,  Inc.  There  are  various  versions  with  increasing  capabilities 
(adapted from the Glossary of IM/IT & KM Terms).

The leader must have authority over the resources involved in performing the division's
processes. A leader is someone who makes [people] want what he or she wants. (Michael
Hammer and James Champy, Reengineering the Corporation, Harper Business, New York,
1993, pp. 103-105.)

Paperwork  Reduction  Act  (PRA)  of  1995  (revision  of  original  1987  version),  P.  L.  104-13 
http://www.rdc.noaa.gov/~pra/pralaw.htm  44  U.S.C.  35. 

It  required  agencies  to  have  a  single  point  of  contact  (senior  information  resources 
management  [IRM]  official)  responsible  for  all  agency  information  and  reporting  directly 
to  the  agency  head.  Responsibilities  included:  integrative  information  management 
planning  (electronic  collection  and  dissemination  of  information,  records  management, 
and  safeguards)  and  IT  management  (performance  evaluation  and  analysis,  strategic  and 
operational  planning,  IT  acquisition  and  oversight,  IT  use).  It  also  included  basic 
definitions  of  data,  information,  records,  life  cycle,  etc.  IT  processes  were  to  be  reviewed 
annually  by  the  Office  of  Management  and  Budget  (OMB)  via  an  annual  agency  report. 

It  requires  OMB  to  "ensure  ...  the  efficiency  and  effectiveness  of  inter-agency  IT 
initiatives  to  improve  agency  performance  and  the  accomplishment  of  agency  missions" 
(Defense  Information  Systems  Agency,  Performance  Planning  Guidance  for  Fiscal  Year  1998, 
p.  G-3)  (IRMC  Measuring  Results  of  Organizational  Performance  Course).  It  created  the 
Office of Information and Regulatory Affairs (OIRA) in OMB to establish government-wide
IRM policies and oversee and review agency implementation. It requires federal
agencies to use risk management to provide security protection per the Computer
Security  Act  (IRMC  Assuring  the  Information  Infrastructure  Course). 

No  act  of  kindness,  no  matter  how  small,  is  ever  wasted.  (Aesop,  "The  Lion  and  the 
Mouse,"  Familiar  Quotations  by  John  Bartlett,  Little,  Brown  &  Co.,  Boston,  1968,  p.  75b.) 

Paradigm 

An  overarching  frame  of  reference  (including  a  set  of  assumptions)  under  which  one 
operates; worldview. Thomas Kuhn popularized the paradigm process of the
philosophy of science described in his classic masterpiece, The Structure of Scientific
Revolutions.

Any hypothesis, however absurd, may be useful in science if it enables a discoverer to
conceive things in a new way; but that, when it has served this purpose by luck, it is likely
to become an obstacle to further advance. (Bertrand Russell, A History of Western Philosophy,
Touchstone Books, Simon & Schuster, New York, 1945, p. 131.)

Pass  Phrase 

A sequence of characters, longer than the acceptable length of a password, that is
transformed by a password system into a virtual password of acceptable length (Glossary
of IM/IT & KM Terms). Pass phrases can be used for computer logon.
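
One way a password system can perform that transformation, given as an added example that is not from the original encyclopedia: a salted PBKDF2 derivation maps a pass phrase of any length onto a fixed-length virtual password, and logon re-derives and compares it. The 8-character length, the 62-symbol alphabet, the iteration count and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import math
import secrets
import string
import unicodedata

ALPHABET = string.ascii_letters + string.digits  # assumed character set, 62 symbols
VIRTUAL_LENGTH = 8                               # assumed "acceptable length"
ITERATIONS = 100_000                             # assumed PBKDF2 work factor


def virtual_password(pass_phrase: str, salt: bytes, length: int = VIRTUAL_LENGTH) -> str:
    """Map a pass phrase of any length to a fixed-length virtual password."""
    data = unicodedata.normalize("NFKC", pass_phrase).encode("utf-8")
    # Discard bytes at or above the largest multiple of 62 so every symbol is equally likely.
    limit = 256 - 256 % len(ALPHABET)
    chars, block = [], 0
    while len(chars) < length:
        stream = hashlib.pbkdf2_hmac(
            "sha256", data, salt + block.to_bytes(4, "big"), ITERATIONS, dklen=64)
        chars.extend(ALPHABET[b % len(ALPHABET)] for b in stream if b < limit)
        block += 1
    return "".join(chars[:length])


def enroll(pass_phrase: str) -> dict:
    """Create the logon record: a random salt plus the derived virtual password."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "virtual": virtual_password(pass_phrase, salt)}


def check(pass_phrase: str, record: dict) -> bool:
    """Re-derive the virtual password at logon and compare in constant time."""
    candidate = virtual_password(pass_phrase, record["salt"])
    return hmac.compare_digest(candidate.encode(), record["virtual"].encode())


def entropy_ceiling_bits(length: int = VIRTUAL_LENGTH) -> float:
    """Upper bound on the virtual password's strength, however long the phrase is."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    record = enroll("constructed sample phrase: nine green kites over the bay")
    print(record["virtual"], round(entropy_ceiling_bits(), 1), "bits at most")
```

The ceiling matters when the virtual password is what the system actually stores or transmits: an 8-character result over 62 symbols cannot exceed about 47.6 bits, whatever the length of the phrase.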

Process  change  ripples  into  universal  organizational  change.  Seek  a  catch-phrase  which 
is clear, elegant, and eye-opening. (Michael Hammer and James Champy, Reengineering the
Corporation,  Harper  Business,  New  York,  1993,  p.  181.) 

Password 

A  string  of  keyboard  characters  used  to  identify  a  user  for  logon  into  a  computer 
system. The password is usually six to eight characters in length. Some systems use
fixed-length  passwords;  others  allow  users  to  choose  the  length.  Passwords  that  use  only 
alphabetic  letters  are  very  weak  and  can  be  broken  by  automated  dictionaries  used  by 
hackers.  Strong  passwords  use  case-sensitive  letters  (some  small,  some  capitals),  numbers, 
and  special  characters.  Information  systems  can  enforce  strong  password  policies 
automatically,  disallowing  users  from  choosing  passwords  that  do  not  meet  strength 
criteria.  Password  life  is  also  controlled,  requiring  regular  replacements  by  all  users.  This 
procedure,  however,  is  ineffective  against  hackers  who  have  already  obtained  a  user 
password.  Strengthening  passwords  makes  memorizing  them  far  more  difficult  and 
creates  a  diminishing  returns  scenario.  Users  are  far  more  likely  to  write  down  their 
passwords  if  they  are  difficult  to  remember.  Also,  it  has  been  noted  that  local  area 
network  administrators  spend  an  inordinate  amount  of  time  dealing  with  users  who  have 
forgotten  their  passwords.  This  increases  the  risk  of  social  engineering  as  well.  Use  of 
smart  cards  (tokens)  and  biometrics  can  alleviate  or  even  eradicate  this  problem.  Someday 
passwords  may  become  an  historical  anomaly.  Presently,  however,  they  are  the  main 
procedure  for  user  logon,  both  onsite  and  offsite. 

Password  changing  is  a  good  example  of  an  illusion  of  security.  If  the  password 
system  is  strong  or  quickly  aged,  users  will  write  them  down  or  use  the  "save  my 
password" option. If the process becomes too complex, users will invalidate the entire
system (Girard, O'Reilley, and Smith, "Remote Access Security: Everything You Know is
Gone," Gartner Group Strategic Analysis Report, 7/28/98, R-05-4104, which includes security
worst  and  best  practices)  (IRMC  Assuring  the  Information  Infrastructure  Course). 
Password  files  must  be  protected  (encrypted);  auto-logon  scripts  should  be  disallowed; 
password  files  should  be  purged  when  people  leave;  passwords  can  also  be 
supplemented with biometrics such as fingerprints (now available in mice) or retinal
scans  (IRMC  Developing  Enterprise  Security  Strategies,  Guidelines,  and  Policies  Course). 
Personal  identification  numbers  and  passwords  have  been  used  to  provide  access  to 
corporate  networks,  but  these  methods  do  not  offer  the  strong  proof  of  identity,  data 
confidentiality,  or  data  integrity  needed  to  conduct  high-value  commerce  online  ...  it  is 
not  adequate  for  high-value,  business-to-business  transactions.  Also,  it  is  a  risky 
technology  when  securing  highly  personal  information,  such  as  medical  or  financial 
records (IRMC Developing Enterprise Security Strategies, Guidelines, and Policies
Course  author's  final  paper,  PKI  Vulnerabilities). 
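
The pass phrase transformation from the Pass Phrase entry and the protected password file from the Password entry, as an added example that is not from this encyclopedia or its sources. It assumes PBKDF2-HMAC-SHA256 as the transform, a 32-byte virtual password, and a colon-separated record format; the text specifies none of these.

```python
import hashlib
import hmac
import os
import string
from typing import List, Optional

# Assumed parameters for this example; none of them come from the encyclopedia.
KDF = "sha256"
ITERATIONS = 100_000   # PBKDF2 work factor
VIRTUAL_LEN = 32       # bytes: the fixed "acceptable length" of the virtual password
SALT_LEN = 16          # bytes of per-user random salt


def meets_policy(password: str, min_len: int = 8) -> bool:
    """Strength criteria named in the Password entry: mixed case, digits, specials."""
    return (
        len(password) >= min_len
        and any(c.islower() for c in password)
        and any(c.isupper() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in string.punctuation for c in password)
    )


def virtual_password(pass_phrase: str, salt: bytes) -> bytes:
    """Transform a pass phrase of any length into exactly VIRTUAL_LEN bytes."""
    return hashlib.pbkdf2_hmac(
        KDF, pass_phrase.encode("utf-8"), salt, ITERATIONS, dklen=VIRTUAL_LEN
    )


def make_record(user: str, pass_phrase: str, salt: Optional[bytes] = None) -> str:
    """Build one password-file line. The pass phrase itself is never stored."""
    if not user or ":" in user:
        raise ValueError("user name must be non-empty and must not contain ':'")
    if salt is None:
        salt = os.urandom(SALT_LEN)
    derived = virtual_password(pass_phrase, salt)
    return f"{user}:{ITERATIONS}:{salt.hex()}:{derived.hex()}"


def verify(record: str, attempt: str) -> bool:
    """Re-derive the virtual password from a logon attempt and compare."""
    _user, iterations, salt_hex, stored_hex = record.split(":")
    stored = bytes.fromhex(stored_hex)
    candidate = hashlib.pbkdf2_hmac(
        KDF, attempt.encode("utf-8"), bytes.fromhex(salt_hex),
        int(iterations), dklen=len(stored),
    )
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(candidate, stored)


def purge(records: List[str], departed_user: str) -> List[str]:
    """Remove a departed user's line, as the entry says to do when people leave."""
    return [r for r in records if r.split(":", 1)[0] != departed_user]


if __name__ == "__main__":
    # Constructed sample accounts and pass phrases.
    phrase = "no act of kindness, no matter how small, is ever wasted"
    password_file = [make_record("alice", phrase), make_record("bob", "Tr1cky!pw")]
    print(password_file[0])
    print("alice logon ok:", verify(password_file[0], phrase))
    print("after purge:", [r.split(":")[0] for r in purge(password_file, "bob")])
```

The stored field has the same length for a four-character password and a fifty-character pass phrase, which is the "virtual password of acceptable length" the entry describes.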

It  is  as  easy  to  recall  a  stone  thrown  violently  from  the  hand  as  a  word  which  has  left 
your  tongue.  (Menander  [343-292  B.C.],  Fragment  1092k  from  Familiar  Quotations  by  John 
Bartlett,  Little,  Brown  &  Co.,  Boston,  1968,  p.  123.) 

Peer-to-Peer  (P2P) 

This refers to client sharing services such as Napster and Gnutella wherein computers
in the network act as servers to other users on the network. People signing up for such
services allow outsiders to view the contents of their computers—not just the MP3 music
files. Such files themselves could contain Trojan horses or other malware. Indeed, the rock
band "Barenaked Ladies" planted a nonmalicious Trojan horse in their music protesting
its unauthorized use. P2P circumvents copyright laws and also opens users up to
significant security and privacy risks. Thus, some network administrators are blocking
access to P2P sites and downloads of MP3 files.

The courts have found P2P to be legal in general though Napster was found guilty
by overstretching the "fair use" laws that allow individuals to duplicate copyrighted
materials for personal use. A company can allow swapping of information without
liability if it does not know copyrighted material is being illegally swapped and doesn't
have a reasonable way to stop it (e.g., AOL with e-mail) (IRMC Developing Enterprise
Security Strategies, Guidelines, and Policies Course).

An idea isn't responsible for the people who believe in it. (Don Marquis, Leo Rosten's
Carnival of Wit, E. P. Dutton & Co., New York, 1994, p. 241.)

Pendulum  Effect  or  Principle 

The  human  tendency  to  overcompensate  for  a  detected  problem  or  symptom  thereof. 
Peter  Senge  describes  it  in  The  Fifth  Discipline.  For  instance,  the  costs  and  benefits  of 
centralization  and  decentralization  are  similar,  but  organizations  (especially  as 
management  or  administrations  change)  tend  to  flip-flop  from  one  to  the  other. 
Unfortunately, people tend to be proponents of a position, emphasizing the positive side
of their position and the negative side of the opposition's position. Such a debate
approach obscures the net value of the positions and is, thus, antithetical to decision
theory (e.g., the scientific method). The pendulum effect is opposed to the principle of
balance. Following the aircraft attacks on the Pentagon and World Trade Center, airport
security workers began confiscating from passengers everything sharp, including
corkscrews and fingernail clippers. It is darkly humorous to envision such an attack—a
handful of terrorists armed with fingernail clippers versus a plane full of passengers.
Events  in  Pennsylvania  argue  otherwise. 

Everything tends sooner or later to go over into its opposite. Heraclitus (c. 500 B.C.)
called this process of psychological, historical, and cosmogonic overbalancing enantiodromia,
"running the other way." (Carl G. Jung, Two Essays on Analytical Psychology, London:
Baillière, Tindall and Cox, 1928, pp. 188-189, quoted by Joseph Campbell in Occidental
Mythology, Volume 3 of The Masks of God tetralogy, Penguin Books, New York, 1988, p. 160.)

Every reform, however necessary, will by weak minds be carried to an excess that itself
will need reforming. (Samuel T. Coleridge, Biographia Literaria, quoted by Jacob Braude in
New Treasury of Stories for Every Speaking and Writing Occasion, Prentice Hall Inc., Englewood
Cliffs, NJ, June 1961, p. 332.)

Penetration  Test 

The intermediate level of information security testing (audit is the lower level; red
team attack is the higher level). The Government Accounting Office conducted
penetration tests against the State Department in 1998. Penetration tests are conducted to
assess how susceptible a system is to unauthorized access. They also reveal whether the
system detects unauthorized access attempts. They provide empirical evidence of system
vulnerabilities to management; provide a method for testing complex, diverse, and
interconnected systems; and enhance the computer security audit with more comprehensive
results in a more efficient and effective manner. Penetration test teams may have some
prior knowledge of the system. The major considerations are: scope (what is to be tested,
when, end points, locations, who performs, who monitors, tools and techniques), risks
(minimize to acceptable level—no denial of service, have site personnel monitor and
coordinate, log test parameters and results, use nonpeak hours if necessary), roles and
responsibilities (auditors, test team, contractors, system owners, security officer, system
administrators), logistical requirements (IP address and telephone ranges, control of
classified or sensitive material, user accounts, passwords, and access levels, network
connections, equipment), and tools and techniques (select ones to be used) (IRMC
Developing Enterprise Security Strategies, Guidelines, and Policies Course).

Parker's Law: Beauty is only skin deep, but ugly goes clear to the bone. (Quoted by
Robert Byrne in The 637 Best Things Anybody Ever Said, Atheneum, NY, 1982, #344.)

Performance- and Results-Based Management — see Balanced Scorecard, Metrics,
Feedback,  Quality,  Software,  and  Strategic  Planning 

One  of  the  10  federal  CIO  competencies,  specified  by  the  Federal  Chief  Information 
Officer  Council  Executive  Board,  included  in  the  IRMC's  curriculum  for  the  CIO 
certificate.  It  is  addressed  in  the  Government  Performance  and  Results  Act  (GPRA),  which 
requires  agencies  to  provide  an  annual  performance  plan  that  must  include:  performance 
goals; description of processes, technologies, human, capital, and information resources
required; description of performance indicators; comparison of actual performance
against goals; and methods used to validate measurements. GPRA also requires a past
year(s) performance report which includes: review of achievement of performance goals;
evaluation of the plan for the current year; and explanations of the deltas. This report
builds up to a 3-year report. GPRA addresses the differences between outputs (akin to
performance) and outcomes (akin to results).

A model for assessing an agency's performance is the 4As: accountability, alignment,
awareness, and adaptability (IRMC New World of the CIO Course). It is the process of
basing organization actions and decisions on actual measured results of performance. See
the Department of Defense's User's Guide: DoD Performance Assessment Guide (version
1.0, February 1995); Department of Energy's Defense Programs Special Projects Group
(DP-31) and Environment, Safety, and Health Office of Operating Experience, Analysis,
and Feedback (EH-33), How to Measure Performance: A Handbook of Techniques and Tools
(October 1995); GSA Office of Policy, Planning and Evaluation's Eight Steps to Developing
and Using IT Performance Measures Effectively (February 1997); National Performance
Review's Best Practices in Performance Measurement: Benchmarking Study Report (June 1997);
Robert Austin's Measuring and Managing Performance in Organizations (Dorset House
Publishing, New York, 1996); Halloway, Lewis, and Mallory's Performance Measurement
and Evaluation (Sage Publications, London, 1995); Kinghorn, Anderson, et al.'s Report by a
Panel of National Academy of Public Administration for the U.S. DoD: IM Performance
Measures — Developing Performance Measures and Management Controls for Migration Systems,
Data Standards, and Process Improvement (Washington, DC, 1996); B. Frost's Measuring
Performance (Fairway Press, Lima, OH, 1998); and Wholey, Hatry, and Newcomer's
Handbook of Practical Program Evaluation (Jossey-Bass, San Francisco, 1994);
http://www.itpolicy.gsa.gov/mkm/pathways/pathways.htm;
http://www.treas.gov.ab.ca/comm/perfmeas/measupgu/index.html;
http://tql-navy.org/survey/index.html.

Performance  measurement  sites: 
http://newark.rutgers.edu/~ncpp/cdgp/Manual.htm
http://www.co.fairfax.va.us/dmb/basic%5Fmanual%5F2001.pdf
http://www.co.fairfax.va.us/dmb/basic%5Fmanual%5F2002.pdf
http://www.co.fairfax.va.us/dmb/perf%5Fmeasure.htm
http://www.co.fairfax.va.us/dmb/pflinks.htm
http://www.co.fairfax.va.us/gov/omb/PERF MEASURE.htm

http://www.ndu.edu/irmc/: NDU course on measuring organizational performance,
DCMC Guidebook. See GAO/AIMD-97-163 Executive Guide: Measuring Performance and
Demonstrating Results of IT Investments (exposure draft, September 1997) and GSA's
Performance-Based Management: Eight Steps to Develop and Use IT Performance Measures
Effectively http://www.itpolicy.gsa.gov/mkm/pathways/pathways.htm;

Meyer's "How the Right Measures Help Teams Excel," Harvard Business Review, May-June
1994, p. 95;

Bishop, Yoes, and Hamilton's Performance Measurement for Information Systems: Industry
Perspectives (University of Houston-Clear Lake, October 30, 1992);

Brynjolfsson's "The Productivity Paradox of IT," Communications of the Association of
Computing Machinery (ACM) (1993, December, p. 67);

[…] Technology's Business Value," Information Systems Management (Winter […]);

Keen's Shaping the Future: Business Design Through IT (Harvard University Press,
Cambridge);

National Academy of Public Administration (NAPA)'s Information Management
Performance Measures—Developing Performance Measures and Management Controls for
Process Improvement, report for DoD, January 1996;

Balancing Measures: Best Practices in Performance Management, August 1999, National
Partnership for Reinventing Government (IRMC Measuring Results of Organizational
Performance Course).

As an aspect of personnel management, this refers to the value relationship between
workers and the organization, but it has many aspects peculiar to individual domains and
processes. DoD utilized a set of five short courses recommended for new supervisors.
These included two courses in basic supervision, highlighting performance management.
Successful completion earned the supervisor a Supervisory Excellence Award with
plaque. Unfortunately, recipients of this award are rare. While performance management
is not unique to KM or IT, of necessity it pervades all bureaucratic organizations in
modern society. The success of organizations in a changing, competitive environment is
highly dependent upon good performance management.

http://www.abm.rda.hq.navy.mil/osd97 hinVI
http://www.dla.mil/Dimensions/ianfpb99/DCMr.htm

From  Gary  Hacker's  HR  Metrics  News  consolidated  from  Issues  1-5  (OPM): 

Performance Measurement in Not-For-Profit and Public-Sector Organisations by Malcolm
Macpherson: http://www.baldrigeplus.com/Indicators.pdf 12/01. "Measuring
performance is increasingly important in not-for-profit and public sector organizations—
from those as large as the U.S. federal government to the smallest volunteer group.
Human resources metrics are the most relevant—spanning function, operations and
strategy."

The 2002 Performance Measurement Conference: (Presented by The Conference Board)
http://www.conference-board.org/search/dconference.cfm?conferenceid=2nn2R?H
12/01 (March 6-8, 2002; San Diego, California; $1850). This conference will help you
overcome the key concerns and obstacles to developing performance measures using best
practices.

The 2002 Performance Measurement Conference: Beyond Measurement to Management
(Presented by The Conference Board)
http://www.conference-board.org/conferences/conference.cfm?id=255&event=68&view=pricing
3/02 (April 16-18, 2002; New York, NY; $1850). "Learn how the best performance
measurement and management systems are developed, implemented and kept fresh."

Performance Measurement For Government Conference: (Presented by Advanced Learning
Institute) http://www.aliconferences.com/conferences/perfmeas mav02.htm 4/02 (May
20-22, 2002; Washington, DC; $1699). "Several agencies are making dramatic strides in
developing approaches and systems that work for them. The periodic sharing of these
experiences and best practices is an important element of this government evolution."

Fifth Annual Performance Conference: (Presented by the National Academy of Public
Administration) http://www.marcomgroup.com/NAPAPerformance 4/02, 5/02 (June
3-6, 2002; Washington, DC; $995). "The Performance Conference is where the top
government executives and academic experts from the U.S. and abroad share information
and dialogue about best practices for performance-based management."

2003 Performance Measurement Conference: (Presented by The Conference Board)
http://www.conference-board.org/conferences/conference.cfm?id=327 6/02 (May 1-2,
2003; New York, NY; $1875) "Integrating measurement and management for maximum
performance."

Human  Resource  Performance  Measurement  -  Measuring  the  Effectiveness  of  the  HR 
Function:  (Sponsored  by  the  International  Association  for  Human  Resource  Information 
Management) http://www.ihrim.org/events/HRMetrics/atlanta.asp 5/02 (September
24-25, 2002;  Atlanta,  GA;  $1195)  "The  program  is  designed  to  meet  the  needs  of  HR  and 
HR  systems  professionals  who  are  responsible  for  the  design,  implementation  and 
delivery  of  HR  programs  and  processes  and/or  interested  in  developing  skills  needed  to 
be  effective  business  partners." 

At  least  four  rights  must  be  firmly  established  for  the  employed  90  percent  of  the 
working  population:  the  right  to  employment  at  full  capacity;  the  right  of  appeal  against  the 
judgments  of  superiors;  the  right  to  participate  in  policy-making;  and  the  right  to  equitable 
reward. (Elliott Jaques, Creativity and Work, International Universities Press, Inc., Madison,
CT, 1990, p. 34.)

Letting  the  wrong  people  hang  around  is  unfair  to  all  the  right  people  as  they  inevitably 
find  themselves  compensating  for  the  inadequacies  of  the  wrong  people.  Worse,  it  can  drive 
away  the  best  people.  (Jim  Collins,  Good  to  Great,  Harper  Business,  New  York,  2001,  p.  56.) 

Every  minute  devoted  to  putting  the  proper  person  in  the  proper  slot  is  worth  weeks  of 
time  later.  (Colman  Mockler,  CEO  of  Gillette,  quoted  by  Jim  Collins  in  Good  to  Great,  Harper 
Business,  New  York,  2001,  p.  57.) 

The  single  most  harmful  step  you  can  take  in  a  journey  from  good  to  great  is  to  put  the 
wrong people in key positions. (Jim Collins, Good to Great, Harper Business, New York, 2001,
p. 216.)




Period  of  a  Signal 

The  reciprocal  of  the  frequency  of  a  signal,  T  (the  period)  =  1/f  (where  f  =  the 
frequency).  The  length  of  time  needed  to  complete  one  full  cycle  of  a  signal.  The  time 
required  to  transmit  a  signal  over  a  distance  of  one  wavelength.  One  Hertz  =  1  cycle  per 
second.  A  10-Hz  signal  would  have  a  period  of  0.1  second  (one  tenth  of  a  second).  See 
frequency,  wavelength,  and  bandwidth. 

The length of this conversation is way out of proportion to my interest in it. (Dan Rydell
on Sports Night, February 2, 1999.)

Personal  Digital  Assistant  (PDA) 

Any  small,  mobile,  hand-held  device  that  provides  computing  and  information 
storage  and  retrieval  capabilities  for  personal  or  business  use,  often  for  keeping  schedule 
calendars and address book information handy. The term handheld is a synonym. Many
people use the name of one of the popular PDA products as a generic term (Palm) (cf.
Blackberry).

Where a calculator on the ENIAC is equipped with 18,000 vacuum tubes and weighs 30
tons, computers in the future may have only 1,000 vacuum tubes and perhaps weigh 1½
tons. (Popular Mechanics, March 1949, quoted by Christopher Cerf and Victor Navasky in
The Experts Speak, Villard, NY, 1984, p. 230.)

Personal  Identification  Number  (PIN) 

A  PIN  is  a  key  number  used  to  identify  a  user.  It  is  used  at  automatic  teller  machines 
and  with  credit  cards  for  cash  advances,  etc.  PINs  are  a  weak  form  of  protection  against 
misuse  somewhat  similar  to  (but  even  weaker  than)  passwords.  Essentially,  a  PIN  is  a 
password  limited  to  numbers.  It  usually  precludes  letters  and  special  characters  that  are 
now  used  to  strengthen  passwords.  Usually  PINs  employ  fewer  characters  as  well  (four 
digits  versus  the  six  to  eight  mixed  characters  of  typical  passwords).  An  American 
National Standards Institute standard for PIN management and security is ANSI X9.8-1982.
It includes a data encryption standard. See Protection of PINs in Interchange
(Document 4.5.6) and Management and Use of PINs (Catalog No. 207213, both from
American Bankers Association, Washington, DC, 1981).

Whether  someone  is  the  "right  person"  has  more  to  do  with  character  traits  and  innate 
capabilities than with specific knowledge, background, or skills. (Jim Collins, Good to Great,
Harper Business, New York, 2001, p. 64.)

Pilot  Projects 

Small-scale undertakings in a field that replicates reality (a proposed project). They
should involve all the key actors and components. Using pilot projects reduces risk, but
they are more costly than simulations and can delay real action. Post-pilot scalability can
also be an issue. Thus, there is a spectrum of possible activities ranging from jumping in
feet first (full-scale project initiation) to pilot projects to simulations and models (IRMC
Leadership for the 21st Century Course).

Usual Spectrum of Characteristics for Project Implementations

Learn to fail fast, fix it, and race on. (Price Pritchett, The Employee Handbook of New Work
Habits for a Radically Changing World, Pritchett & Associates, Dallas, TX, 1994, p. 10.)


PKEnable 

A middleware application that provides public key infrastructure (PKI)-neutral
connectivity. Since different commercial certification authorities have incompatible digital
certificates (even if they are all X.509 compliant), certain middleware products can link the
different brands to allow interoperability through an infrastructure placed between them.
PKEnable is sold by SHYM Technology of Boston
(http://ipw.internet.com/protection/security/9808n4066.html). It includes a number of
components including a SHYM Server, Shyms which link each type of application to a
standard, the Shym Integration Layer (SIL), Shym Provider Interface (SPI), etc. Shym
presently supports digital certificates from VeriSign and Entrust Technologies and is
developing support for GTE CyberTrust and Baltimore. Supported applications include:
PeopleSoft, SAP, LotusNotes, and Documentum. Planned applications include: ERPs from
Oracle, Baan and Mapics, and J.D. Edwards; supply chain management from i2
Technologies; sales force automation from Siebel, Vantive, and Clarify; and database
products from Oracle, Sybase, and Informix. The downside of such a solution is the
requirement to install software on client systems, but the ability to map existing
applications to PKI is necessary. Lockstar also offers a PKI to legacy integration technology,
http://www.opennetwork.com/news/press/2001/2001-05-17 lockstar.php, but may no
longer be available (http://www.disobey.com/ghostsites/) (from PKI: The Myth, the
Magic and the Reality by Charles Breed,
http://networking.earthweb.com/netinfra/article/0,,12087 615851,00.html, utilized in
IRMC Managing Networked Security in a Networked Environment Course).

http://boston.internet.com/news/article.php/2001 72331,1
http://www.entrust.com/news/files/01 18 99 371.htm
http://www.entrust.com/news/files/01 11 99 379.htm
http://www.advisor.com/Articles.nsf/aid/SMITT97.

Cannot  we  let  people  be  themselves  and  enjoy  life  in  their  own  way?  You  are  trying  to 
make  that  man  another  you.  One's  enough.  (Ralph  Waldo  Emerson,  Leo  Rosten's  Carnival  of 
Wit, E. P. Dutton & Co., New York, 1994, p. 279.)

Plaintext — see Encryption

Text  that  has  not  been  encrypted  or  has  already  been  decrypted  so  that  anyone  can 
read  it.  Also  known  as  cleartext. 


Because  she  had  found  that  brittle-sounding  people  will  talk  quite  openly  if  goaded,  she 
added  a  little  barb.  (Orson  Scott  Card,  Xenocide,  Tom  Doherty  Books,  New  York,  1991,  p. 


Planning,  Programming,  and  Budgeting  System  (PPBS) 

The  Department  of  Defense  financial  planning  and  tracking  system  that  uses  a 
multiyear  cycle  of  document  generation  and  review  to  interface  with  the  Congressional 
budgeting  system.  It  is  a  very  complicated  system  involving  many  different  parties  and  is 
sometimes  depicted  as  a  spiral. 

Parkinson's  Laws:  Work  expands  infinitely  to  fill  the  time  allotted  to  it;  work  increases 
to  occupy  all  organization  available  to  do  it;  expenditures  rise  with  income.  (Cyril  Northcote 
Parkinson, Parkinson's Law and Other Studies in Administration, Houghton Mifflin Co., 1957.)

Plug-Ins 

Additional  software  that  works  in  conjunction  with  Web  browsers  to  enhance  their 
capabilities, such as in playing audio or video (e.g., Real Player) or complex graphic
effects (e.g., Shockwave or Flash). Many plug-ins are available free for downloading from
the Internet (Glossary of IM/IT & KM Terms). Plug-ins are a type of helper application.
Users  cannot  ascertain  if  the  plug-in  contains  malicious  code  such  as  a  Trojan  horse.  Thus, 
trust  is  a  major  issue  when  downloading  plug-ins.  Since  hackers  sometimes  attack 
domain  name  servers  to  direct  surfers  to  their  spoof  sites,  plug-ins  downloaded  from  the 
hacker  site  may  be  loaded  with  many  types  of  malware. 

They are ill discoverers that think there is no land, when they can see nothing but sea.
(Francis Bacon (1561-1626), Advancement of Learning, Vol. 1, from The Oxford Dictionary of
Quotations, Oxford University Press, New York, 1980, p. 24, No. 21.)

Policy 

According to Webster's New Collegiate Dictionary, a policy, among other definitions, is
"a  high-level  overall  plan  embracing  the  general  goals  and  acceptable  procedures 
especially  of  a  governmental  body."  More  specifically,  policy  is  one  of  the  10  federal  chief 
information  officer  (CIO)  competencies,  specified  by  the  Federal  CIO  Council  Executive 
Board,  included  in  the  IRMC's  curriculum  for  the  CIO  certificate  (IRMC  New  World  of 
the  CIO  Course).  Of  course,  there  are  information  technologies  (ITs)  policies  addressing 
the  other  federal  CIO  competency  areas.  For  example,  in  the  security  and  assistance 
competency  area,  policy  would  include  a  certificate  practice  statement  (CPS)  for 
certification  authorities  run  by  trusted  third  parties  or  commercial  concerns.  However, 
there are "three pillars of legislation" said to spell out a new information resource
management paradigm: Clinger-Cohen Act/Information Technology Management
Reform  Act,  Paperwork  Reduction  Act,  and  the  Government  Performance  and  Results 
Act.  Policy  also  includes  widely  diverse  legislation  affecting  chief  information  officers  and 
IT, including Section 508 of the Rehabilitation Act, privacy issues, copyrights, the
Freedom of Information Act, small business, Federal Communications Commission
spectrum  regulation,  etc.  In  a  more  generic  sense,  policies  can  be  approached  differently 
in  a  value-dependent  way.  Such  approaches  include:  Neo-classical/welfare  (cost-benefit), 
public  choice  (collective  optimization),  social  structure  (social  group  consequences), 
information  processing  (process  modeling),  political  philosophy  (utilitarians  and 
Kantians),  and  power  and  influence  (self-interest)  frameworks  (IRMC  New  World  of  the 
CIO  Course).  DoDD  5111.1  (March  22, 1995)  charters  the  Under  Secretary  of  Defense  for 
Policy  (IRMC  Assuring  the  Information  Infrastructure  Course).  Guidelines  are  optional 
and  recommended  practices  (say  "should");  policies  say  "must,"  aim  at  a  wider  audience, 
and  are  intended  to  last  for  many  years;  standards  cover  details  such  as  implementation 
steps  and  measures  for  comparison  and  are  intended  to  last  a  few  years.  Common 
problems  with  organizational  policies  are  when  the  policy  is  a  platitude  rather  than  a 
decision  or  direction  or  the  policy  is  not  used  by  the  organization,  but  only  exists  to  show 
auditors, and does not affect behavior. See
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/comm/proddocs/cs2000/cs gs planning tdpv.asp
(IRMC Developing Enterprise Security Strategies, Guidelines, and Policies
Course). 

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/..issues/issues.asp

http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/winxppro/reskit/prdd sec gyqt.asp

http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/winxppro/proddocs/sag IPSECchecklist.asp.

A  phenomenon  noticeable  throughout  history  regardless  of  place  or  period  is  the 
pursuit  by  governments  of  policies  contrary  to  their  own  interests.  Mankind,  it  seems, 
makes a poorer performance of government than of almost any other human activity.
(Barbara M. Tuchman, March of Folly, quoted by Defense Systems Management College, in
Europe 1992, September 1990, Ft. Belvoir, VA, p. 84.)

Portable  Document  Format  (PDF) 

Condensed  form  of  documents  created  by  Adobe  and  read  via  their  Acrobat 
application.  Creators  of  such  documents  pay  fees  to  Adobe,  but  readers  do  not  (Acrobat  is 
freeware).  PDF  documents  are  common  on  the  Internet.  They  take  less  memory  and 
download  time  but  may  not  be  as  flexible  as  Microsoft  Word  documents. 

Much  of  the  force  as  well  as  grace  of  arguments,  as  well  as  of  instructions,  depends  on 
their  conciseness.  (Alexander  Pope,  Leo  Rosten's  Carnival  of  Wit,  E.  P.  Dutton  &  Co.,  New 
York,  1994,  p.  48.) 

Portability 

The  ability  or  characteristic  that  allows  a  software  program  or  application  to  run 
under  different  hardware  or  operating  systems.  For  example,  a  portable  software 
application  can  be  ported  to  various  computers.  Many  Microsoft  products  are  portable 
across, for instance, different personals, but not to Apple computers. See Application
Portability Profile (APP): The U.S. Government's Open System Environment Profile
(version  3.0,  Computer  Systems  Technology,  NIST,  February  1996)  (IRMC  New  World  of 
the  CIO  Course). 

When in Turkey, do as the turkeys do. (Honore de Balzac, Leo Rosten's Carnival of Wit,
E. P. Dutton & Co., New York, 1994, p. 336.)

Portal — see  Knowledge  Portal,  Portlet 

A  World  Wide  Web  site  serving  as  the  home  or  starting  site  for  an  organization's 
Internet  or  intranet  users.  It  will  typically  include  a  search  engine,  links  to  useful  pages, 
news,  and  other  services.  A  portal  is  usually  intended  as  a  one-stop  shopping  entry  point 
or  connection  beyond  one's  own  local  area  network.  It  will  normally  include  hyperlinks 
to  many  other  sites  (especially  sub-organizations),  tools  (such  as  search  and  favorites  or 
bookmarks),  and  is  usually  tailored  to  individual  user  needs  or  desires.  Portals  can  also  be 
used  to  allow  applications  that  are  not  Web-enabled  to  be  accessed  by  intranet  or  Internet 
(using  devices  such  as  Citrix  servers).  For  instance,  personnel  at  the  Washington  Navy 
Yard  detachment  of  the  SPAWAR  Systems  Center  Charleston  successfully  attached  a 
draft  version  of  the  Navy  Standard  Integrated  Personnel  System  to  their  portal  to 
demonstrate  that  it  could  easily  be  accessed  through  the  Web. 

Every man's condition is a solution in hieroglyphics to those enquiries he would put.
He acts it as life, before he apprehends it as truth. (Ralph Waldo Emerson, quoted by
Edward F. Edinger in Ego and Archetype, Putnam, New York, 1972, p. 107.)

Portfolio  Management — see  Capital  Planning  and  Investment 

An  information  process  that  supports  IT  capital  planning  and  provides  information 
for  the  continuous  identification,  selection,  management,  and  evaluation  of  IT 
investments (Glossary of IM/IT & KM Terms). In evaluating an IT portfolio, both value and
risk  associated  with  each  investment  must  be  considered.  Value  consists  of:  return  on 
investment  or  ROI  (risk-adjusted,  discounted,  and  organization-wide),  strategic  match 
(extent  to  which  it  contributes  to  achieving  one  or  more  strategic  goals),  competitive 
advantage  (extent  to  which  it  provides  a  unique  advantage  with  customers  or  otherwise 
makes  the  organization  perform  better  than  competitors  in  the  quality,  timeliness,  and 
accuracy  of  product  or  service  deliveries,  in  communications  with  customers  and  other 
stakeholders,  or  in  the  fees  charged),  management  information  (extent  to  which  it  will 
produce  better  information  for  managing  the  core  business),  competitive  response  (degree 
to  which  failure  to  do  the  project  will  cause  competitive  damage  to  the  organization),  and 
strategic  information  superiority  (IS)  architecture  (degree  to  which  the  IT  aspects  of  the 
proposal  are  aligned  with  the  overall  IS  strategies  of  the  organization).  Risk  consists  of: 
organizational  risk  (extent  of  exposure  to  risks  of  concern  to  the  organization  and  the 
degree  to  which  such  risks  are  managed,  with  positive  risk  management  factors  including 
effective  management  of  change,  a  project  or  project  module  of  18  months  or  less,  amount 
of  investment  funds  required  is  under  10  percent  of  overall  IT  budget),  definitional 
uncertainty  (degree  the  requirements  and  specifications  are  known,  valid,  and  reliable), 
technical  uncertainty  (degree  of  technical  risk,  such  as  the  technology  management 
ability, technical skills needed, software dependencies, hardware dependencies, and
complexity of interfaces or integration), IS infrastructure risk (degree of nonproject
investment necessary [e.g., will new or additional support services be required?] and the
extent it will burden the present infrastructure). See "Information Technology Investment
Management: An Overview of GAO's Assessment Framework" (GAO/AIMD-00-155,
May 2000, exposure draft), which describes the S/C/E (select/control/evaluate)
approach to IT investment management (ITIM) which parallels the Software Engineering
Institute/Capability Maturity Model (SEI CMM). It includes five stages with 16 critical
processes: 


The Government Accounting Office's Application of SEI CMM

See the ITIM framework document (GAO/AIMD-10.1.23, May 2000 at
http:  /  / www.gao.gov  / special.pubs  /lO  1  23.pdf  or  contact  Dave  McClure, 
mcclured@gao.gov,  202-512-6240,  or  Lester  Diamond,  diamondl@gao.gov ,  202-512-7957 
(IRMC  Advanced  Information  System  Acquisition  Course).  See  GAO's  Executive  Guide: 
Measuring  Performance  and  Demonstrating  Results  of  IT  Investments  (GAO/GGD-96-118, 
June  1996)  (IRMC  Measuring  Results  of  Organizational  Performance  Course). 

Disadvantaged Business Enterprises: Critical Information Is Needed to Understand Program
Impact. GAO-01-586 (90 pp., June 1, 2001), http://www.gao.gov/new.items/d01586.pdf.

Talleyrand was heartbroken when an accident left him crippled and unable to pursue a
military career. We profited infinitely more from his subsequent accomplishments as a
statesman ... Too often society looks at a man and says he has one bad eye, when what's
more important is that he has one good one. (Paul Harvey, quoted by Jacob Braude in New
Treasury of Stories for Every Speaking and Writing Occasion, Prentice Hall Inc., Englewood
Cliffs, NJ, June 1961, p. 165.)

Portlet  Server — see  Portal 

A  caching  approach  that  stores  certain  information  locally  to  save  server  space  and 
network  processing  time.  Portlet  servers  send  portals  dynamically  generated  content  that 
is  frequently  changed.  They  usually  provide  HTML  content  blocks  that  can  be  added  to 
the  portal  page.  Each  portlet  provides  information  or  knowledge  objects  that  are  pulled 
from  a  different  source  (USA). 

[Knowledge is] a rich storehouse for the glory of the Creator and the relief of man's
estate. (Sir Francis Bacon [1561-1626], Advancement of Learning, 11, from The Oxford
Dictionary of Quotations, Oxford University Press, New York, 1980, p. 24, No. 17.)

Post-Measure— see  Lagging  Indicators,  Leading  Indicators 

A  measure  of  performance  after  the  intervention  (IRMC  Measuring  Results  of 
Organizational  Performance  Course). 

History teaches us that man learns nothing from history. (Georg Wilhelm Friederich
Hegel, quoted by Hal Lindsay in The Late Great Planet Earth, Bantam 1973, p. 17; also quoted
by Roger W. Barnett in "The Maritime-Continental Debate Isn't Over," Proceedings of the U.S.
Naval Institute, June 1987, p. 30.)

Predictive  Validity 

A  form  of  criterion-referenced  validity  in  which  the  scores  from  the  instrument  are 
compared  statistically  with  criterion  measures  that  are  indications  of  future  performance 
obtained  from  the  same  group  of  subjects  after  the  required  period  of  time  has  elapsed 
(IRMC  Measuring  Results  of  Organizational  Performance  Course). 

Explanatory principles should not be multiplied beyond the necessary. ([Occam's
Razor, William of Occam, 1300-1349; Duns Scotus, 1265-1308]. C. G. Jung, Letters, Vol. 1,
Bollingen Series 95, 1906-50, Gerhard Adler and Aniela Jaffe, Eds., Princeton University
Press, Princeton NJ, 1953, p. 108.)

Premeasure 

A  measure  of  performance  before  the  intervention  (IRMC  Measuring  Results  of 
Organizational  Performance  Course). 

The one great right we all have is the right to be wrong. (Alvina Brower, quoted by
Jacob Braude in New Treasury of Stories for Every Speaking and Writing Occasion, Prentice Hall
Inc., Englewood Cliffs, NJ, June 1961, p. 173.)

Present  Value  (PV) — see  Capital  Planning  and  Investment,  Portfolio  Management 

The  amount  of  money  in  today's  dollars  that  would  be  equivalent  to  a  value  of  money 
at some designated point in the future — taking into account the expected inflationary
trend (IRMC Measuring Results of Organizational Performance Course). PV takes into
account  the  time  value  of  money.  In  cost  estimating  and  the  PPBS  system  in  acquisition 
submits,  the  time  value  of  money  must  be  taken  into  account.  Financial  submits 
sometimes  include  parallel  charts  with  one  set  in  present  dollars  and  the  other  set  in 
future  (or  then-year)  dollars.  PV  is  a  major  technique  used  in  comparing  and  selecting 
investments. 

Fourth  Law  of  Thermodynamics:  Everything  takes  longer  and  costs  more. 

Presidential  Decision  Directive-62  (PDD-62)  of  May  22, 1998 — see  Information 
Infrastructure 

Protection  against  Unconventional  Threats  to  the  Homeland  and  Americans  Overseas 
(IRMC  Developing  Enterprise  Security  Strategies,  Guidelines,  and  Policies  Course). 

It is more important to do the right thing than to do things right. (Peter Drucker, quoted
by Lawrence J. Peter in The Peter Prescription, William Morrow & Co., New York, 1972, p. 155.)

The White House: http://www.whitehouse.gov/
http://www.fas.org/irp/offdocs/pdd/index.html
http://www.fas.org/irp/offdocs/pdd/pdd-62.htm.

Presidential  Decision  Directive-63  (PDD-63) 

http://www.fas.org/irp/offdocs/pdd/index.html; http://www.dao.gov/

The  President  of  the  United  States'  declaration  of  intent  to  establish  the  national 
Critical  Infrastructure  Protection  (CIP)  Program  that:  "No  later  than  the  year  2000,  the 
United  States  shall  have  achieved  an  initial  operating  capability  and  no  later  than  five 
years  from  today  the  United  States  shall  have  achieved  and  shall  maintain  the  ability  to 
protect  our  nation's  critical  infrastructures  from  intentional  acts  that  would  significantly 
diminish  the  abilities  of:  the  federal  government  to  perform  essential  national  security 
missions  and  to  ensure  the  general  public  health  and  safety;  state  and  local  governments 
to  maintain  order  and  to  deliver  minimum  essential  public  services;  and  the  private  sector 
to  ensure  the  orderly  functioning  of  the  economy  and  the  delivery  of  essential 
telecommunications, energy, financial, and transportation services" (Glossary of IM/IT &
KM  Terms).  PDD-63  also  addresses  a  sector  National  Infrastructure  Assurance  Plan 
(NIAP),  promotes  international  cooperation,  focuses  on  prevention  as  well  as  response  to 
threats,  and  promotes  cooperation  with  state  and  local  governments  and  with  industry.  It 
directs  that  chief  information  officers  are  responsible  for  information  assurance  and  that 
"every  department  and  agency  shall  appoint  a  chief  infrastructure  assurance  officer 
(CIAO)  who  shall  be  responsible  for  the  protection  of  all  of  the  other  aspects  of  that 
department's  critical  infrastructure."  It  also  directs  vulnerability  assessments,  establishes 
the  Critical  Infrastructure  Coordination  Group  (CICG),  the  National  Infrastructure 
Assurance Council (NIAC), and assigns agency responsibilities in various sectors. It
promotes  information  exchanges  with  industry  through  an  Information  Sharing  and 
Analysis  Center  (ISAC)  to  leverage  lessons  learned  (IRMC  New  World  of  the  CIO 
Course). Signed on May 22, 1998. PDD-63: http://www.fas.org/irp/offdocs/pdd/pdd-63.htm,
Presidential Policy White Paper (May 1998), http://www.fas.org/irp/offdocs/paper598.htm;
GSA's informational seminar on PDD-63 (October 13, 1998),
http://www.netbriefings.com/event/ciao/Archives/webcast/ (IRMC Assuring the
Information Infrastructure Course).


We are victims of nothing except our own negative thinking and haphazard planning.
(Alexander E. Braun, "Brave New Era," Rosicrucian March 1975, Vol. LIII, No. 3, p. 41.)

Presidential  Decision  Directive-67  (PDD-67)  (October  21, 1998)— see  Continuity  of 
Operations  Plan,  Disaster  Recovery 

Enduring Constitutional Government and Continuity of Government Operations (IRMC
Developing Enterprise Security Strategies, Guidelines, and Policies Course).

http://www.fas.org/irp/offdocs/pdd/index.html
http://www.fas.org/irp/offdocs/pdd/pdd-67.htm.

It  is  well  to  moor  your  bark  with  two  anchors.  (Publilius  Syrus,  Maxim  119,  from 
Familiar  Quotations  by  John  Bartlett,  Little,  Brown  &  Co.,  Boston,  1968,  p.  125.) 

President's  Commission  on  Critical  Infrastructure  Protection  (PCCIP)— see  Critical 
Infrastructure  Protection 

The  PCC  has  20  commissioners  including  principals  (cabinet  secretaries  and  agencies), 
appointed  advisors  from  the  private  sector,  and  steering:  Central  Intelligence  Agency, 
Federal  Bureau  of  Investigation,  Federal  Emergency  Management  Agency,  Department  of 
Commerce,  Department  of  Energy,  Department  of  Justice,  Department  of  Transportation, 
Department  of  the  Treasury,  Department  of  Defense,  AT&T,  IBM,  FedRes,  Georgetown, 
National  Association  of  Public  Utility  reg.  Pacific  Gas  and  Electric,  Thiokol,  Association  of 
American  Railroad.  Holds  nationwide  hearings.  Views  infrastructures  as  national  security 
cyber  threat  targets  (IRMC  Assuring  the  Information  Infrastructure  Course). 

The future usually has in store exactly what's been placed in store for the future. (Jacob
Braude, New Treasury of Stories for Every Speaking and Writing Occasion, Prentice Hall Inc.,
Englewood Cliffs, NJ, June 1961, p. 144.)

Pretest  Sensitization 

A  threat  to  acceptance  of  evaluation  results  which  states  that  an  increase  in 
performance  may  be  caused  in  part  by  the  existence  of  a  pretest,  which  made  the 
participants  aware  of  what  they  must  be  especially  aware  of  in  the  intervention,  and  that 
the  performance  gain  would  not  have  been  as  large  if  the  pretest  were  removed  (IRMC 
Measuring  Results  of  Organizational  Performance  Course). 

The foolish and the dead never change their opinion. (James Russell Lowell, in 3,500
Good Quotes for Speakers, Gerald F. Lieberman, Ed., Doubleday, Garden City, NY, 1983, p. 169.)

Pretty Good Privacy (PGP)

PGP  is  a  freeware  encryption  application.  Formerly,  it  employed  symmetrical  keys, 
but  the  newer  version  (downloadable  from  the  Web)  uses  asymmetrical  keys.  It  is, 
therefore,  similar  to  public  key  infrastructure,  though  it  is  actually  a  hybrid  cryptosystem. 
The  strength  of  the  PGP  algorithm  is  selectable  by  the  user— with  high  strengths  now 
available.  Users  can  trade  public  keys  and  then  interchange  secure  messages  via  PGP. 
PGP  works  with  many  current  e-mail  programs  or  can  be  used  via  the  Microsoft 
clipboard function. PGP will then encrypt/decrypt the contents of the clipboard if
desired.  PGP  does  require  installation  via  executable  code.  Local  area  network  systems 
that  disallow  executables  preclude  setup  and  use  of  PGP.  PGP  works  by  first  compressing 
the  plaintext  (saving  modem  transmission  time  and  disk  space  and  strengthening 
security).  It  then  creates  a  session  key  (a  one-time  only  secret  key)  that  is  randomly 
generated  from  the  user's  mouse  movements  and  keystrokes.  A  conventional  encryption 
algorithm  is  used  with  the  session  key  to  encrypt  the  plaintext — resulting  in  ciphertext. 
The  session  key  is  then  encrypted  with  the  recipient's  public  key  and  is  transmitted  along 
with  the  ciphertext  to  the  recipient.  The  recipient's  PGP/computer  uses  his  or  her  private 
key  to  decrypt  the  temporary  session  key  that  is  then  used  to  conventionally  decrypt  the 
ciphertext.  The  combination  of  public  key  encryption  and  conventional  encryption  results 
in  faster  speeds  (adapted  from  IRMC  Managing  Networked  Security  in  a  Networked 
Environment  Course).  PGP  stores  its  keys  on  two  key  rings  (public  and  private)  stored  in 
an  encrypted  form  on  the  user's  computer.  PGP  software  can  be  obtained  for  personal  use 
at no cost at: http://web.mit.edu/network/pgp.html.
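
The compress, session-key, wrap and unwrap sequence described in this entry, as an added example that is not PGP's code and not part of the original encyclopedia. Assumptions: textbook RSA over two publicly known Mersenne primes stands in for the recipient's key pair, a SHA-256 counter keystream stands in for the conventional cipher, the session key comes from the operating system's random generator rather than mouse movements and keystrokes, and all function names are hypothetical.

```python
"""Toy walk-through of the hybrid scheme in the PGP entry (not real PGP)."""
import hashlib
import secrets
import zlib

# ASSUMPTION: toy recipient key pair built from two publicly known Mersenne
# primes, so it protects nothing; real keys use secret random primes and padding.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (needs Python 3.8+)
RECIPIENT_PUBLIC = (N, E)
RECIPIENT_PRIVATE = (N, D)
KEY_BYTES = 32                            # 256-bit one-time session key

# Constructed sample plaintext (repetitive, so the compression step is visible).
SAMPLE = b"Constructed sample bulletin text for the walk-through. " * 20


def conventional_cipher(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream.

    The same call encrypts and decrypts. It provides no integrity protection.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        pad = hashlib.sha256(key + counter).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def hybrid_encrypt(plaintext, public_key):
    """Sender side: returns (wrapped session key, ciphertext)."""
    n, e = public_key
    compressed = zlib.compress(plaintext)                  # 1. compress plaintext
    session_key = secrets.token_bytes(KEY_BYTES)           # 2. fresh session key
    ciphertext = conventional_cipher(session_key, compressed)    # 3. bulk encrypt
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)  # 4. wrap the key
    return wrapped_key, ciphertext                         # 5. transmit both


def hybrid_decrypt(message, private_key):
    """Recipient side: unwrap the session key, then decrypt and decompress."""
    wrapped_key, ciphertext = message
    n, d = private_key
    key_int = pow(wrapped_key, d, n)
    if key_int.bit_length() > KEY_BYTES * 8:
        raise ValueError("session key did not unwrap; wrong private key?")
    session_key = key_int.to_bytes(KEY_BYTES, "big")
    try:
        return zlib.decompress(conventional_cipher(session_key, ciphertext))
    except zlib.error as exc:
        raise ValueError("ciphertext did not decrypt cleanly") from exc


if __name__ == "__main__":
    msg = hybrid_encrypt(SAMPLE, RECIPIENT_PUBLIC)
    print(len(SAMPLE), "plaintext bytes ->", len(msg[1]), "ciphertext bytes")
    print("round trip ok:", hybrid_decrypt(msg, RECIPIENT_PRIVATE) == SAMPLE)
```

Only the 32-byte session key goes through the slow public-key operation; the message body, whatever its size, is handled by the fast conventional cipher, which is the speed advantage the entry refers to.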

ASSIST  uses  Pretty  Good  Privacy  (PGP)  2.6.2  as  the  digital  signature  mechanism  for 
bulletins.  PGP  2.6.2  incorporates  the  RSAREF(tm)  Cryptographic  Toolkit  under 
license  from  RSA  Data  Security,  Inc.  A  copy  of  that  license  is  available  via 
anonymous  file  transfer  protocol  from  net-dist.mit.edu  (IP  18.72.0.3)  in  the  file 
/pub/PGP/rsalicen.txt.  In  accordance  with  the  terms  of  that  license,  PGP  2.6.2 
may  be  used  for  noncommercial  purposes  only.  Instructions  for  downloading  the 
PGP  2.6.2  software  can  also  be  obtained  from  net-dist.mit.edu  in  the 
pub/PGP/README  file.  PGP  2.6.2  and  RSAREF  may  be  subject  to  the  export 
control  laws  of  the  U.S.  Army  as  implemented  by  the  U.S.  Department  of  State 
Office  of  Defense  Trade  Controls.  The  PGP  signature  information  will  be  attached 
to  the  end  of  ASSIST  bulletins. 

Self-reliant like the cat — that takes its prey to privacy. (Marianne Moore, 1887-1972,
Silence, from The Oxford Dictionary of Quotations, Oxford University Press, New York, 1980,
p. 355, No. 22.)

Privacy — see  Privacy  Act  of  1974 

Privacy  is  a  social,  political,  human  issue,  especially  in  democracies  such  as  the  United 
States.  The  advent  of  the  electronic  age  has  opened  up  a  Pandora's  Box  of  privacy  issues 
including  cookies,  customer  relationship  management,  secure  databases,  secure  data 
transmissions,  sensitive  but  unclassified  materials,  and  public  key  infrastructure.  Such 
organizations as eTrust have been born to help to address some of these issues. Persons
desiring to use the Internet without being identified, for instance, can use such tools as
http://www.anonymizer.com to hide their identities. Privacy is closely related to
personal  property  that  has  its  own  IT  issues  as  exemplified  in  the  legal  action  against 
Napster  (IRMC  Managing  Networked  Security  in  a  Networked  Environment  Course). 
The  Electronic  Communications  Privacy  Act  of  1986  (ECPA)  shifts  the  focus  from 
allowing  interception  of  communications  to  protecting  communications.  Unauthorized 
interception  was  made  a  crime  and  an  invasion  of  privacy.  On  the  other  hand,  the 
Supreme  Court  (Whalen  v.  Roe),  allowed  a  New  York  state  statute  allowing  retention  of  a 
database  about  individuals  with  drug  prescriptions  because  the  reason  for  having  it  was 
sufficiently  important  and  it  was  adequately  protected  despite  citizen  rights  to  privacy  of 
personal  information. 

The  Privacy  Act  of  1974  controls  federal  record  keeping  and  disclosure  including 
safeguards  to  protect  privacy.  The  Computer  Matching  and  Privacy  Protection  Act  of 
1988  addresses  procedures  to  control  government  record  matching  across  databases 
containing  Privacy  Act  records.  The  Right  to  Financial  Privacy  Act  of  1978  controls 
government's  rights  to  records  held  by  financial  institutions.  The  Computer  Security  Act 
of  1987  directs  improving  security  and  privacy  measures  on  government  databases 
containing  sensitive  information.  See  the  Government  Accounting  Office's  Computers  and 
Privacy—How  the  Government  Obtains,  Verifies,  Uses,  and  Protects  Personal  Data 
(Washington,  DC,  GPO,  1990)  (IRMC  New  World  of  the  CIO  Course).  Nonetheless,  the 
European  Union  has  indicated  that  U.S.  privacy  rules  are  still  not  good  enough.  An  open 
(Internet)  profiling  standard  has  been  proposed  to  protect  personal  privacy  on  the 
Internet.  It  is  projected  that  its  adoption  could  greatly  increase  electronic  commerce. 

Many  additional  laws  have  been  proposed  in  Congress. 

Necessity is the plea of every infringement of human freedom. It is the argument of
tyrants; it is the creed of slaves. (William Pitt, Speech on the Indian Bill, November 18, 1783,
quoted by Jacob Braude in New Treasury of Stories for Every Speaking and Writing Occasion,
Prentice Hall Inc., Englewood Cliffs, NJ, June, 1961, p. 249.)

Privacy  Act  of  1974,  U.S.C.  552,  P.  L.  93-579  (December  31, 1974)— see  Electronic 
Communications  Privacy  Act  and  Foreign  Intelligence  Surveillance  Act 

Purposed  to  restrict  disclosure  of  personally  identifiable  records  maintained  by 
agencies;  grant  individuals  increased  right  of  access  to  agency  records  maintained  about 
themselves;  grant  individuals  the  right  to  seek  amendment  of  inaccurate,  untimely,  or 
incomplete  records;  and  establish  a  "code  of  fair  information  practices"  for  agency 
guidance.  Rights  were  limited  to  natural  persons  including  citizens  and  permanent 
residents.  Records  included:  "any  item,  collection  or  grouping  of  information  . . .  that 
contains  name,  identifying  number,  symbol  or  identifying  particular  (e.g.,  fingerprint) 
used  for  retrieval."  Department  of  Defense  responsibilities  include  implementation  of 
physical  security  practices,  information  management  practices,  and  computer  and 
network  controls  necessary  to  ensure  individual  privacy  (IRMC  Assuring  the  Information 
Infrastructure  Course). 

http://www.usdoj.gov/04foia/Q4 7 l.html.

The right to be let alone is the most comprehensive of rights and the right most valued
in  civilization.  (Louis  D.  Brandeis,  Leo  Rosten's  Carnival  of  Wit,  E.  P.  Dutton  &  Co.,  New 
York,  1994,  p.  92.) 

Process  Improvement 

One  of  the  10  federal  CIO  competencies,  specified  by  the  Federal  CIO  Council 
Executive  Board,  included  in  the  IRMC's  curriculum  for  the  CIO  certificate.  Processes  are 
the  end-to-end  activities  that  create  value  to  a  customer.  Michael  Hammer  and  James 
Champy's  book  Reengineering  the  Corporation  initiated  a  trend  towards  business  process 
reengineering  (BPR)  as  part  of  the  revolution  in  business  affairs  (RBA)  cited  by  political 
leaders.  It  followed  upon  the  government's  attempt  to  implement  W.  Edwards  Deming's 
total  quality  management  (TQM)  dubbed  total  quality  leadership  (TQL)  in  the 
Department  of  Defense.  The  former  approach  is  to  completely  replace  an  extant  system; 
the  latter  approach  is  to  continually  improve  the  extant  system;  one  is  revolutionary,  the 
other  is  evolutionary.  Additionally,  TQL  focuses  on  outputs,  improving  internal 
operations  of  an  organization;  BPR  focuses  more  on  outcomes  including  relations  with 
external  organizations  in  an  open  environment.  It  tends  to  change  vital  working 
relationships  with  other  organizations.  Customer  and  supplier  relationship  management 
(CRM  and  SRM)  are  two  aspects  of  such  changing  relationships:  the  first  with  customers, 
the  second  with  suppliers.  Such  approaches  are  opposed  to  politically  correct  (PC)  or  rice 
bowl  engineering  (RBE)  approaches  (IRMC  New  World  of  the  CIO  Course). 

The road to wisdom? — well, it's plain and simple to express:

Err  and  err 
and  err  again 
but  less 
and  less 
and  less. 

(Piet  Hein,  "The  Road  to  Wisdom,"  quoted  by  George  Steiner  in  Top  Management 
Planning,  MacMillan  &  Co.,  New  York,  1969.) 

Program — see  Brain  Drain,  Program  Profiles 
http://www.defensedaily.com/progprof.htm

1)  In  software,  an  organized  list  of  instructions  that,  when  executed,  causes  the 
computer  to  behave  in  a  predetermined  manner.  Without  programs  computers  are 
useless.  A  program  is  like  a  recipe.  It  contains  a  list  of  ingredients  (variables  and 
constants — data)  and  a  list  of  directions  (statements)  that  tell  the  computer  what  to  do 
with the data (Glossary of IM/IT & KM Terms). The data can be, for example,
alphanumerical  (numbers  and  text)  or  graphical  images.  Originally,  programs  were 
written  in  binary  (ones  and  zeros),  then  octal  or  hexadecimal,  then  assembly  languages 
(instructions  were  text  which  mapped  directly  into  machine  code  or  language),  then 
higher  order  languages  (e.g.,  ALGOL,  COBOL,  or  FORTRAN).  Special  software  converts 
the  language  used  into  machine  language  (i.e.,  assemblers  or  compilers).  More  recently, 
computers have become capable of multiprogramming/multiprocessing, with a
multiplicity  of  programs  running  on  the  same  machine  simultaneously  (e.g.,  Microsoft 
Windows). Programs are often referred to as applications in IT. Popular languages now
include: C++ and Java. Many legacy programs, however, were written in older languages,
and maintaining them has become problematic (see brain drain). Common programs
include:  Microsoft  Word  and  Excel,  and  Netscape. 

2)  In  acquisition  management,  a  significant  project,  normally  with  a  planned  budget 
and  schedule  (through  the  planning,  programming,  and  budgeting  system  and  created 
via  the  program  objectives  memorandum)  and  performance  requirements  (via  system 
specifications,  operational  requirements  document,  etc.).  Managing  and  implementing 
them  is  entitled  program  management. 

Knowledge must come through action; you can have no test which is not fanciful, save
by trial. (Sophocles, Trachiniae, 1.592, Familiar Quotations by John Bartlett, Little, Brown &
Co., Boston, 1968, p. 82b.)

Program  Management  (PM) 

PM  is  the  process  of  orchestrating  acquisition  programs  (especially  in  the  Department 
of  Defense  [DoD]).  Acquisition  also  includes  procurement  and  other  activities  (e.g.,  use  of 
government credit cards). Programs, while often utilizing contractor off-the-shelf (COTS)
hardware and software, generally are used when the system desired has not yet been
built, though a program can address the full life cycle of the requirement solution.
Programs are managed via program management offices (PMOs) located in the Navy in
systems commands (e.g., NAVAIR, NAVSEA, and SPAWAR) or program executive
offices  (PEOs)  such  as  PEO-IT.  The  latter  were  created  to  manage  the  largest  programs 
(called  acquisition  category  [ACAT]  Is).  Program  management  is  a  major  Defense 
Acquisition  Workforce  Improvement  Act  (DAWIA)  specialty  and  level  3  was  previously 
achieved  through  the  14-week  Advanced  Program  Management  Course  (PMT302)  at  the 
Defense  Acquisition  University's  (DAU)  Defense  Systems  Management  College-School  of 
Program  Managers;  the  final  APMC  class  graduated  in  August  2002.  This  course  is 
replaced  by  the  Program  Management  Office  Course  (PMT352)  with  60  days  online,  6 
weeks  resident.  Individuals  designated  as  program  managers  or  deputy  PMs  for  major 
programs  must  also  take  DAU's  Program  Manager's  Course  (PMT401)  with  a  10-weeks 
residency.  Acquisition  is  also  one  of  the  National  Defense  University's  10  federal  CIO 
competencies;  thus,  PM  is  also  applicable  in  the  IT  arena.  One  of  the  great  mistakes  made 
in  the  recent  past  was  to  anticipate  that  COTS  could  be  used  to  procure  the  software  and 
hardware  portions  of  a  system  without  using  PM  techniques  and  methods.  Such 
"procurements"  (e.g.,  the  Standard  Procurement  System  and  many  others)  were 
originally  unsuccessful  because  they  ignored  the  systems  engineering  and  management 
needed — which  are  included  under  program  management.  The  most  challenging  aspects 
of  PM  often  lie  in  interfacing,  interoperability,  and  integration  issues  which  are  even  more 
prominent today with the increasing desire for connectivity, real or virtual. For example,
Task Force Web (https://ucso2.hq.navy.mil/nQ9w/webbasQl.nsf/(vwwebpage)/webbase.htm/OpenDocument)
is working to webify the Department of the Navy, and the
Navy/Marine Corps Intranet will provide upgraded connectivity and IT resources. Such
initiatives support the intent of the DoD global information grid. The Assistant Secretary
of the Navy for Acquisition Reform and Defense Acquisition University have initiated a
PM community of practice (PMCOP) with a Web site available via Internet:
http://www.pmcop.dau.mil.

Program Manager Boulevard: http://www.pmblvd.com
Winsight tool: http://www.sed.monmouth.army.mil/se
Mesa/Vista environment for project management and control:
http://ipw.internet.com/e-business/intranet/916161532.html.

How dreadful knowledge of the truth can be when there's no help in truth! (Sophocles
[c.495-405 B.C.] Oedipus Rex, 1.316, from Familiar Quotations by John Bartlett, Little, Brown &
Co., Boston, 1968, p. 81b.)

Protocol — see  Hypertext  Transfer  Protocol 

Communication rules, required for handshaking and transfer of data. When
computers  communicate,  their  messages  must  be  put  into  a  "packet"  or  envelope  that 
each  can  recognize.  These  envelopes  (similar  to  postal  envelopes)  must  carry  a  return 
address  and  a  destination  address.  The  protocol  determines  how  and  where  these 
addresses  appear  within  the  packet.  If  the  sending  and  receiving  protocols  are  not  the 
same,  the  receiving  machine  will  get  the  wrong  address  information  from  the  packet  and 
fail  to  recognize  its  own  messages.  Protocols  include:  transmission  control 
protocol/Internet  protocol  (TCP/IP),  SNA  —  System  Network  Architecture  (IBM 
mainframe  protocol),  IPX  —  Internet  Packet  Exchange  (Novell  NetWare  protocol),  DLR 
(disk operating system local area network requestor), and Local Talk (Apple/Macintosh
protocol) (based on Glossary of IM/IT & KM Terms).

One  must  allow  other  people  to  be  right,  he  used  to  say  when  he  was  insulted,  it 
consoles  them  for  not  being  anything  else.  (Andre  Gide,  The  Immoralist,  Richard  Howard 
trans., Vintage Books, 1956.)

Proxy  Server 

A firewall or server connected to external sites in lieu of the real (internal
organization) server. The proxy protects the internal server from attack. It also provides
increased flexibility in firewall services.

As  Robert  Green  Ingalls  said,  "In  nature  there  are  neither  rewards  nor  punishments — 
there are consequences." (Robin Robertson, Your Shadow, ARE Press, Virginia Beach, VA,
1997, p. xi.)

Public  Key  Cryptosystems 

There  are  several  algorithms  or  methods  for  constructing  key  pairs  for  public  key 
infrastructure  and  other  asymmetric  cryptography  systems.  They  are  mostly  named  for 
their inventors and include: Elgamal (Taher Elgamal), RSA (Ron Rivest, Adi Shamir, and
Leonard Adleman), Diffie-Hellman, and DSA (the digital signature algorithm, invented
by David Kravitz).

No army can withstand the strength of an idea whose time has come. (Victor Hugo, in
3,500  Good  Quotes  for  Speakers,  Gerald  F.  Lieberman,  Ed.,  Doubleday,  Garden  City,  NY,  1983, 
p.  119.) 

Public  Key  Infrastructure  (PKI) — see  Certification  Authority  (CA)  and  Encryption 

PKI  is  a  form  of  asymmetric  encryption  (i.e.,  the  encoding  key  and  decoding  key  are 
different).  Two  parties  wishing  to  communicate  in  a  protected  manner  each  must  have  a 
private  and  a  public  key  of  their  own.  They  exchange  their  public  (but  not  their  private) 
keys.  This  is  normally  accomplished  through  digital  certificates  that  include  the  public 
key  as  well  as  authenticating  information  about  the  party  involved  and  a  signature  from 
an  authority  attesting  to  the  authenticity  of  the  certificate  (sometimes  several).  Thus,  the 
parties  actually  exchange  digital  certificates — often  through  a  trusted  third  party  (TTP) 
external  to  both  the  communicators. 

Key management infrastructure (KMI) is the process for handling digital certificates.
Each  party  encodes  their  transmission  with  the  other  party's  public  key.  Only  one's 
private  key  can  decode  something  encoded  with  one's  public  key  (and  vice  versa).  At  this 
point  only  the  recipient  (assuming  it's  actually  that  entity's  real  public  key)  can  now 
decode  the  message.  However,  to  enhance  security,  the  sender  adds  his  or  her  own  digital 
signature  to  the  message.  The  recipient  then  uses  the  sender's  public  key  to  decode  the 
signature,  ensuring  the  identification  of  the  sender.  Lastly,  a  hash  function  is  used  to 
produce  a  fixed-length  message  digest. 

Any  change  in  the  message  will  produce  a  different  hash  so  that  the  participants  can 
verify  if  messages  have  arrived  unchanged.  Since  the  hash  is  signed  with  the  sender's 
private  key,  it  precludes  the  same  digital  signature  being  used  on  other  messages  by 
unauthorized parties. Since PKI's public keys are not secret, secure distribution is not
required. Thus, strong encryption (formerly limited to users who could afford it) is now
cost-effective for mass usage. Care must be taken (use of proper KMI), however, when
using digital certificates (public keys) to preclude man-in-the-middle attacks. Breed lists
several commercial concerns that support PKI in PKI: The Myth, the Magic and the
Reality http://networking.earthweb.com/netinfra/article/0,,12087 615851,00.hhn. A
PKI solution should consist of: a security policy, CA, registration authority (RA),
certificate distribution system, and PKI-enabled applications (from IRMC Managing
Networked Security in a Networked Environment Course). Department of Defense Chief
Information Officer (DoD CIO) Memorandum, DoD PKI, was issued on August 12, 2000,
https://iase.disa.mil/PKI/. The DoD PKI Program Management Office issued PKI
Roadmap for the DoD on December 18, 2000,
https://iase.disa.mil/documentlib.html#PKIDOCS. The Government Accounting Office
(GAO) issued Advances and Remaining Challenges to Adoption of PKI Technology in
February 2001, http://www.gao.gov/new.items/d01277.pdf.
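The exchange described in this entry (certificate check, encryption with the recipient's public key, signed hash, tamper detection), as an added example that is not part of the original encyclopedia. It uses unpadded textbook RSA with constructed demo keys built from Mersenne primes, and the certificate layout and all names (CA, ALICE, BOB, send, receive) are assumptions for illustration; production systems use randomly generated keys and padded schemes from a vetted library.

```python
import hashlib
from typing import NamedTuple

E = 65537  # widely used RSA public exponent


class KeyPair(NamedTuple):
    n: int  # modulus, public
    e: int  # public exponent
    d: int  # private exponent, known only to the key's owner


def make_keypair(p: int, q: int) -> KeyPair:
    """Textbook RSA key pair from two primes."""
    return KeyPair(p * q, E, pow(E, -1, (p - 1) * (q - 1)))


# Constructed demo keys built from Mersenne primes: deterministic, NOT secure.
CA = make_keypair(2**2281 - 1, 2**3217 - 1)
ALICE = make_keypair(2**521 - 1, 2**607 - 1)
BOB = make_keypair(2**1279 - 1, 2**2203 - 1)
CA_PUBLIC = (CA.n, CA.e)  # the only CA values other parties ever see


def digest(data: bytes) -> int:
    """Fixed-length message digest (SHA-256) as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, signer: KeyPair) -> int:
    """Encode the digest with the signer's private key."""
    return pow(digest(data), signer.d, signer.n)


def verify(data: bytes, signature: int, n: int, e: int) -> bool:
    """Decode the signature with the public key and compare digests."""
    return pow(signature, e, n) == digest(data)


def issue_certificate(ca: KeyPair, subject: str, n: int, e: int) -> dict:
    """The CA binds a subject name to a public key by signing both."""
    body = f"{subject}|{n}|{e}".encode()
    return {"subject": subject, "n": n, "e": e, "ca_sig": sign(body, ca)}


def certificate_valid(cert: dict, ca_n: int, ca_e: int) -> bool:
    """Check the CA's signature over the name-to-key binding."""
    body = f"{cert['subject']}|{cert['n']}|{cert['e']}".encode()
    return verify(body, cert["ca_sig"], ca_n, ca_e)


def send(message: bytes, sender: KeyPair, recipient_cert: dict, ca_public):
    """Encrypt with the recipient's certified public key; sign with the sender's private key."""
    if not certificate_valid(recipient_cert, *ca_public):
        raise ValueError("recipient certificate not vouched for by the CA")
    m = int.from_bytes(b"\x01" + message, "big")  # 0x01 preserves leading zero bytes
    if m >= recipient_cert["n"]:
        raise ValueError("message too long for this key")
    return pow(m, recipient_cert["e"], recipient_cert["n"]), sign(message, sender)


def receive(ciphertext, signature, recipient: KeyPair, sender_cert: dict,
            expected_sender: str, ca_public) -> bytes:
    """Decrypt with the recipient's private key, then check who signed and what was signed."""
    if (sender_cert["subject"] != expected_sender
            or not certificate_valid(sender_cert, *ca_public)):
        raise ValueError("sender certificate not vouched for by the CA")
    m = pow(ciphertext, recipient.d, recipient.n)
    message = m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]
    if not verify(message, signature, sender_cert["n"], sender_cert["e"]):
        raise ValueError("signature check failed: message altered or wrong sender")
    return message
```

The certificate check is what ties a public key to a name; without it the signature check only proves that some private key signed the message.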

There  are  two  types  of  PKI,  open  and  closed.  In  open  PKI,  one  certificate  has  many 
functions  (one  key  pair  for  many  purposes).  In  closed  PKI,  many  certificates  are  used  for  a 
few  functions — different  certificates  for  different  purposes  (IRMC  Advanced  Information 
System Acquisition Course). See http://www.esecurityplanet.com/resources/article/
0,,10760 96441 LOO.html (IRMC Critical Information Systems Technologies Course). It has
been stated, "the use of public key encryption techniques and message digests can largely
eliminate fraud on the Internet." In addition:

Sensitive  transactions  will  likely  need  the  full  range  of  security  assurances  offered  by 
PKI  transactions  involving  sensitive  information  . . .  are  likely  to  require  greater  security 
assurances  than  can  be  had  through  simple  security  measures,  such  as  requiring  passwords 
to  gain  access  . . .  [but]  the  full  range  of  security  assurances  that  may  be  needed  for  sensitive 
transactions  is  not  available  through  [secure  sockets  layer,  SSL],  unless  the  user's  software  is 
specially  configured  or  modified.  As  it  is  commonly  used,  SSL  does  not  provide  full 
authentication  of  both  sender  and  recipient,  nor  does  it  provide  for  nonrepudiation  of  a 
transaction.  Thus  it  is  not  an  answer  to  all  of  the  government's  needs  in  securing  sensitive 
electronic transactions.

On  the  other  hand,  "In  theory,  public  key  cryptography  deployed  in  a  PKI  provides  a 
very  high  level  of  security  and  there  is  little  doubt  throughout  the  industry  that  a  fully 
deployed  PKI  overcomes  most  of  the  current  security  and  management  issues  that 
organizations are concerned about." Therefore, PKI has emerged as the dominant
security  framework  or  infrastructure  supporting  the  main  concerns  required  for  business- 
to-business  e-commerce.  Businesses  must  rely  on  this  flexible  and  interoperable 
infrastructure  to  conduct  trusted  online  business. 

PKI  is  designed  to  protect  information  assets  through:  authentication  (validates  the 
identity  of  parties  in  communications  and  transactions),  confidentiality  (ensures  that 
information  cannot  be  viewed),  data  integrity  and  tamper  detection  (provides  message 
authentication),  nonrepudiation  (ensures  that  transactions,  once  committed,  are  legally 
valid  and  irrevocable),  availability  (ensures  that  transactions  or  communications  can  be 
executed reliably upon demand). Thus, PKI meets the requirements of the Information
Resources Management College's CIANA (confidentiality, integrity, availability,
nonrepudiation, and authentication) security criteria, providing the necessary levels of
security. GAO describes a number of challenges to successful government PKI
implementation. These include: a lack of compatibility due to options in standardization
methods and syntax leading to a potential lack of interoperability, unknown scalability,
high costs, lack of unified federal policies, new user and administrator training, archiving,
limited operational experience, difficult legacy system implementations, certificate and
key management.

Others  have  focused  on  credential  storage,  smart  cards,  interpretation  of  standards, 
distribution and certificate revocation, key recovery and escrow, privacy and
anonymity issues and "misuse of digital certificates by hackers, unscrupulous employees,
government agencies, financial institutions, insurance companies, and so on." Indeed,
Brands calls digital certificates "the most pervasive electronic surveillance tool ever
built." Though these are legitimate concerns, many are applicable to new developments
in general, some are based upon certain assumptions or mindsets, and others are
susceptible to former, identifiable solutions. Only a few are specific to PKI. Finally, some
vulnerabilities or limitations may only apply to some users and not to others, for instance,
"the primary driver for DoD's development of PKI has been to improve security of
transactions rather than promote electronic government." Using a decision theory
approach, one compares an alternative against other alternatives (including the costs of
nonimplementation), not against perfection (IRMC Developing Enterprise Security
Strategies, Guidelines, and Policies Course author's final paper, PKI Vulnerabilities)
http://www.counterpane.com/pki-risks.html.

It  takes  20  years  to  become  an  overnight  success.  (Eddie  Cantor,  in  3,500  Good  Quotes  for 
Speakers,  Gerald  F.  Lieberman,  Ed.,  Doubleday,  Garden  City,  NY,  1983,  p.  233.) 

Pump  and  Dump 

A  form  of  stock  fraud  in  which  perpetrators  release  misinformation  about  a  stock  to 
entice  traders  to  buy  or  sell  the  stock,  so  that  they  can  sell  quickly  and  take  profits  before 
it  is  realized  that  the  information  was  false.  Thus,  they  pump  up  a  stock's  price,  then 
dump  it. 


Is  this  a  "we  ate  the  lollipop,  but  you  can  have  the  wrapper"  trick?  (Fred  H.  Bloch,  at 
IBM  Design  Review  of  AN/UYS-1,  April  27, 1977.) 

Push-Pull 

These  are  antithetical  means  of  distributing  knowledge,  information,  and  data.  In  a 
push  mode,  the  source  or  distributor  pushes  the  new  or  updated  message  to  its  customers 
or  users  automatically.  A  listserve  is  an  example  of  a  push  methodology.  In  a  pull  mode, 
the  distributor  makes  the  message  available  to  users  who  download  it  (pull  it)  at  their 
discretion.  User  needs  will  determine  which  is  better  for  that  user. 

Experience indicates that knowledge cannot be imparted. It can only be acquired.
(Norman G. Shidle, quoted by Jacob Braude in New Treasury of Stories for Every Speaking and
Writing Occasion, Prentice Hall Inc., Englewood Cliffs, NJ, June, 1961, p. 205.)

Q

Qualitative  Measurement — see  Quantitative  Measurement 

Providing  narrative  descriptions  that  define  the  quality  of  the  factor  being  measured. 
(The  descriptions  which  are  rich  in  details  and  in  the  form  of  verbatim  statements, 
anecdotal  descriptions,  case  studies  . . .  are  typically  subjectively  derived,  being  open  to 
interpretation)  (IRMC  Measuring  Results  of  Organizational  Performance  Course.) 

I would rather be ashes than dust. I would rather that my spark should burn out in a
brilliant blaze than it should be stifled in dry rot. I would rather be a superb meteor every
atom of me in magnificent glow than a sleepy and permanent planet. The proper function of
man is to live, not to exist. I shall not waste my days in trying to prolong them. I shall use my
time. (Jack London, quoted in "Washington Reports," Physics Today, 1987, Vol. 40, No. 3, p.
48.)

Quality — see  Software  Quality 

The  correctness,  timeliness,  accuracy,  completeness,  relevance,  and  acceptability  of 
knowledge,  information,  and  data  (DoD  8320.1-M,  Data  Administration  Procedures)  (IRMC 
Data  Management  Strategies  and  Technologies  Course).  There  are  two  types  of  quality 
metrics:  product  and  process.  Product  metrics  define  the  ability  of  the  delivered  product 
to  meet  the  functional  and  technical  requirements  of  the  project.  Process  quality  metrics 
(e.g.,  defect  removal  rate)  measure  the  success  of  processes  (defect  removal)  during 
development.  See  Andrew  Sage's  "Strategic  Quality  Assurance  and  Management" 
chapter  in  Systems  Management  for  Information  Technology  and  Software  Engineering  (John 
Wiley  &  Sons,  New  York,  1997),  and  12  Rules  to  Make  Your  ISO  9000  Documentation  Simple 
and  Easy  to  Use  (C.  W.  Russo,  American  Society  for  Quality  Control,  1997)  (IRMC 
Advanced  Information  System  Acquisition  Course).  See  DoD's  Quality  and  Productivity 
Self-Assessment  Guide:  Ideas  and  Sources  and  Survey,  (version  3.0,  February  1995),  U.S. 
Department  of  Commerce,  National  Institute  of  Standards  and  Technology's  Malcolm 
Baldrige  National  Quality  Award  Criteria  for  Performance  Excellence  (1998), 
http://www.quality.nist.gov/, http://www.asq.org/, and President's Quality Award
Program at http://www.opm.gov/quality/ (IRMC Measuring Results of Organizational
Performance  Course). 

From  Gary  Hacker's  HR  Metrics  News  consolidated  from  Issues  1-5  (OPM): 

President's Quality Award Program: http://www.opm.gov/pqa 6/02. "We have
reoriented the President's Quality Award Program. It is now focused on recognizing
accomplishments that further the Administration's objectives as noted in the President's
Management Agenda."

International Quality & Productivity Center's Conference Topics: http://www.iqpc.com/
cgi-bin/templates/0/index.html 4/02. IQPC's conference information and links.

Men are disturbed not by the things that happen but by their opinion of the things that
happen.  (Epictetus) 

Quantitative  Measurement — see  Qualitative  Measurement 

The  assignment  of  numerical  values  (or  words  that  imply  a  numerical  value)  to 
represent  the  amount  or  degree  that  a  factor  being  measured  exists  (the  assigned  scores 
which are in the form of sums, averages, percentages, ratios, . . . are expected to be
objectively  derived,  not  subject  to  interpretation).  (IRMC  Measuring  Results  of 
Organizational  Performance  Course.) 

Nature, as we know, is not satisfied with theories. (C. G. Jung, Freud and Psychoanalysis,
CW4, Pantheon Books, New York, 1961, p. 288.)

Questionnaire  or  Survey— see  Behaviorally  Anchored,  Comparative,  Likert,  Ordinal, 
Semantic  Differential  and  Thurstone  Rating  Scales 

A  type  of  measurement  instrument  that  yields  a  single  score  by  arithmetically 
combining  responses  to  a  number  of  items  (statements  or  questions  with  several  possible 
responses  represented  on  some  form  of  scale),  where  each  item  attempts  to  measure  one 
aspect  of  the  factor  being  measured. 

Tips on surveying: http://www.itpolicy.gsa.gov/mkm/pathways/survey/measure.htm.

Survey design: http://www.surveysystem.com/sdesign.htm (IRMC Measuring
Results  of  Organizational  Performance  Course).  You  cannot  assume  respondents  will  tell 
the  truth,  especially  if  you  do  not  explain  to  them  why  they  should  not.  Privacy  is  often 
influential  in  respondent  responses.  For  instance,  sites  requiring  registration  to  see 
additional  information  have  had  several  respondents  named  "Mickey  Mouse"  sign  up! 
Customers  may  assume  information  they  provide  can  be  sold  unless  otherwise  indicated. 
See  Self-Assessment  Guide  for  IT  Systems  (National  Institute  for  Standards  and  Technology 
Special  Publication  800-XX,  March  9, 2001)  for  an  example  of  a  comprehensive 
questionnaire, http://csrc.nist.gov: 301-975-3293 marianne.swanson@nist.gov (IRMC
Developing  Enterprise  Security  Strategies,  Guidelines,  and  Policies  Course). 

There are two ways of spreading light: to be the candle or the mirror that reflects it.
(Edith Wharton, 1862-1937, Vesalius in Zante.)

R


Random  Access  Memory  (RAM) 

Memory that provides equally rapid access to every item of information stored,
regardless  of  location.  This  contrasts  with  sequential  access  devices,  such  as  tape,  where 
items  of  information  can  be  accessed  only  in  the  sequence  in  which  they  were  originally 
stored.  Unlike  ROM  (read-only  memory),  RAM  can  be  compared  to  a  blackboard  or  slate, 
on  which  you  can  write,  erase  what  you  wrote,  and  write  something  else  again  and  again. 
It  holds  programs  and  data  that  may  be  instantly  needed  by  the  processor  from  moment 
to  moment,  and  it  acts  as  a  scratch  pad  for  storing  intermediate  results  in  calculations 
(Glossary of IM/IT & KM Terms). RAM usually refers to the volatile (it must be constantly
powered) component of a computer (formerly core memory unit) rather than the read-
write disk now included. RAM is used for temporary (operating) storage. The computer
"runs" off the RAM so that all the programs running (e.g., under Windows) are normally
loaded  into  the  RAM  memory  from  another,  nonvolatile  source  (the  built-in  disk,  a 
removable  diskette  or  zip  drive,  or  the  local  area  network  server).  If  insufficient  RAM  is 
available,  a  computer  can  "overlay"  programs  and  data,  bringing  them  in  and  out  of 
RAM  on  an  as-needed  basis— but  this  is  a  time-consuming  process.  Thus,  adding  RAM 
can  decrease  response  times  or  latencies.  The  advent  of  larger  applications  (newer 
versions  of  such  programs  as  Microsoft  Word  tend  to  greatly  increase  in  size  over  time  as 
more  features  are  added)  has  necessitated  increased  RAM  and  disk  sizes  for  computers. 
Older  computers  quickly  become  obsolete  due  to  lack  of  RAM,  disk,  and  speed  to  run  the 
larger,  slower  programs.  The  Navy/Marine  Corps  Intranet,  for  instance,  addresses  this 
problem  by  providing  a  standard  set  of  computing  capabilities  that  is  regularly  upgraded 
to  industry  standards. 

Next  to  the  hunger  to  experience  a  thing,  men  have  perhaps  no  stronger  hunger  than  to 
forget. (Hermann Hesse, The Journey to the East, Hilda Rosner trans., Noonday Press, New
York,  1969,  p.  57.) 

Random  Sampling 

Selection  of  cases  takes  place  using  a  repetitious  random  process  that  assures  that  each 
member  of  the  accessible  population  has  an  equal  chance  of  being  selected  (IRMC 
Measuring  Results  of  Organizational  Performance  Course).  In  practice,  software-driven 
random  number  generators  are  used  to  approximate  randomness.  Some  care  must  be 
taken  when  reusing  the  same  random  number  generator  for  different  cases  to  ensure  that 
repetition  of  numbers  does  not  occur.  Legitimate  sampling  requires  that  sufficient  cases 
are  utilized.  If  a  population  consists  of  subgroups  that  are  internally  consistent  but  differ 
widely  from  other  such  groups,  care  must  be  taken  to  ensure  true  randomness  and, 
sometimes,  other  techniques  than  random  sampling  may  be  more  appropriate. 

The  right  people  don't  need  to  be  tightly  managed  or  fired  up;  they  will  be  self- 
motivated  by  the  inner  desire  to  produce  the  best  results  and  to  be  part  of  something  great . . . 
great vision without great people is irrelevant. (Jim Collins, Good to Great, Harper Business,
New York, 2001, p. 42.)

Rater— see Threats and Ordinal Rating Scale

A person who "rates" or evaluates submissions. Situations include: evaluating
competitive contractor proposals for a contract, rating candidates for jobs, evaluating
present employee work performance, selecting from among different alternative problem
solutions, etc. Decision theory can assist with the process, but humans are needed to
devise the raw scores drawn directly from the input materials— some of which are often
subjective.  Due  to  this  subjectivity,  raters  (especially  if  untrained)  are  subject  to  numerous 
threats  to  objectivity  and  errors  in  judgment.  These  may  be  psychological  and 
unconscious  in  nature.  They  include:  central  tendency,  contrast,  frame  of  reference,  halo 
effect,  history,  and  time-dependency. 

People  tend  to  see  what  they  want  to  see.  Out  of  a  mass  of  detailed  information  they 
tend  to  pick  out  and  focus  on  those  facts  that  confirm  their  prior  perceptions  and  to 
disregard  or  misinterpret  those  that  call  their  perceptions  into  question.  (Robert  Fisher  and 
William  Ury,  Getting  to  Yes,  Bruce  Patton,  Ed.,  Penguin  Books,  New  York,  1981,  p.  23.) 

Rational  Unified  Process  (RUP) 

The Rational Unified Process, or RUP® best practices method, is a Web-enabled set of
software engineering processes that provide guidance to streamline team development
activities. RUP facilitates the choice of project-appropriate sets of process components.
Teams using common processes experience more predictable results by improving
communication and creating common understanding of tasks, responsibilities, and
artifacts. Vendors and domain experts provide RUP process components on a unified Web site.
The  RUP  knowledge  base  helps  unify  a  team  by  identifying  and  assigning  responsibilities, 
artifacts,  and  tasks  so  each  member  of  the  team  understands  his  or  her  contribution  to  the 
project.  So  unifying  a  team  streamlines  communication,  promoting  efficient  resource 
allocation,  proper  deliverables,  and  met  deadlines.  RUP  includes  industry  best  practices, 
incorporating  lessons  learned  from  hundreds  of  industry  leaders  and  thousands  of 
projects.  It  decreases  re-inventing  solutions  to  known  software  problems.  The  RUP 
platform  enables  you  to  leverage  new  tools  and  technologies  in  your  unique  environment 
through customized plug-in content, tool mentors, and extended help. Technology
plug-ins allow you to update your development process and customize the process as
technology, tools, and platforms evolve. On one centralized Web exchange, Rational
Software, platform vendors, tool vendors and domain experts provide such process
components. To fully leverage new technologies and increase tool-use efficiency, RUP
also provides tool-specific online mentors to explain how to implement these tools in the
user's environment http://www.rational.com/products/rup.

You can't think and hit at the same time. (Yogi Berra, The Yogi Book, Workman
Publications,  New  York,  1998,  p.  13.) 

Read-Only  Memory  (ROM) 

Built-in  computer  memory  containing  data  that  normally  can  only  be  read,  not 
written  to.  ROM  contains  the  programming  that  allows  your  computer  to  be  "booted  up" 
or regenerated each time you turn it on. Unlike a computer's RAM, the data in ROM is
not lost when the computer power is turned off (based on Glossary of IM/IT & KM Terms).
PROM is programmable ROM; a WORM is a memory in which one Writes Once and
Reads Many times. Some PROMs can be re-written: EPROMs are erasable PROMs.
Re-writing PROMs usually requires special equipment exterior to the computer. However,
some  special  computers  have  been  designed  to  re-write  EPROMs  while  still  installed  in 
the  computer.  EEPROMs  are  electronically  erasable  EPROMs.  Formerly,  ultraviolet  light 
was  required  to  erase  EPROMs.  The  number  of  re-writes  is,  however,  somewhat  limited 
as  opposed  to  RAM,  which  can  be  re-written  a  great  many  times. 

The fool sees naught but folly; and the madman only madness. Yesterday I asked a
foolish man to count the fools among us. He laughed and said, "This is too hard a thing to
do, and it will take too long. Were it not better to count only the wise?" (Kahlil Gibran,
Words of the Master: a Second Treasury of Kahlil Gibran, p. 55.)

Recognition-Primed  Decision  (RPD) 

Method  whereby  an  experienced  decision  maker  uses  experience  to  immediately 
identify  key  aspects  of  a  pending  decision  to  create  plausible  possibilities  and  exclude 
implausible  ones.  The  decision  maker  then  extrapolates  the  effects  of  making  the 
particular  choice  in  order  to  accept  or  reject  it.  An  RPD  does  not  result  in  an  optimal 
decision  but  a  quick  "satisficing"  decision  without  deliberate  option  comparisons.  RPDs 
include  a  good  dose  of  intuition  to  be  effective.  See  Gary  Klein's  "Strategies  of  Decision 
Making" (Military Review, May 1989, pp. 56-64): "Decision aids can interfere with and
frustrate the performance of skilled operators. It is no wonder that field officers reject
decision aids requiring them to use lengthy analytical processes when the time available is
not adequate." RPD takes into account the decision-making process as part of the decision
criteria (cost) (IRMC Leadership for the 21st Century Course).

Slavish  obedience  to  rules  and  regulations  is  one  way  to  avoid  discomforting  thoughts 
about our actions. (Jerry B. Harvey, The Abilene Paradox and Other Meditations on
Management,  Lexington  Books,  Lexington,  MA,  1988,  p.  93.) 

Records  Management 

Management  (planning,  controlling,  directing,  organizing)  of  knowledge,  information, 
and  data  records,  and  their  creation,  maintenance,  and  use.  Such  records  can  include  both 
hard  (books,  papers,  maps,  photographs,  machine-readable  documents)  and  soft 
(electronic  and  software)  materials,  regardless  of  physical  form  or  characteristics.  With  the 
rapid  rise  of  IT,  records  have  evolved  into  multimedia  documents.  Records  are  generally 
the  components  of  files. 

The  real  purpose  of  books  is  to  trap  the  mind  into  doing  its  own  thinking.  (C.  Morley, 
quoted by Lawrence J. Peter in The Peter Prescription, William Morrow & Co., New York,
1972, p. 13.)

Red  Team 

Independent  and  focused  threat-based  effort  by  an  interdisciplinary  simulated 
adversary  to  expose  and  exploit  vulnerabilities  as  a  means  to  improve  the  security 
posture of information systems (Glossary of IM/IT & KM Terms). A red-team effort is the
highest level of information security testing (audit and penetration testing are the other
levels)  (IRMC  Developing  Enterprise  Security  Strategies,  Guidelines,  and  Policies 
Course).  Generically,  red  teams  are  used  as  independent  evaluators  of  any  process  or 
product.  Bidders  often  use  red  teams  to  evaluate  their  proposals  prior  to  submission  to 
the  government  in  a  competitive  solicitation. 

In  so-called  creative  work  the  person  generally  sets  his  own  object  and  task,  whereas  in 
other  types  of  work  his  object  or  task  is  set  for  him  . . .  discretion  and  judgment  constitute 
the  sole  factor  in  the  sense  of  effort  in  work.  (Elliott  Jaques,  Creativity  and  Work,  International 
Universities  Press  Inc.,  Madison,  CT,  1990,  p.  155.) 

Redundant  Array  of  Independent  Disks  (RAID) 

A  set  of  two  or  more  hard  disks  with  a  disk  controller  and  RAID  functionality.  It 
provides  redundancy  or  backup  by  mirroring  the  target  system.  It  improves  performance 
by  disk  striping — interleaving  bytes  or  groups  of  bytes  across  multiple  disk  drives  so  that 
more  than  one  disk  is  writing  and  reading  simultaneously.  RAID  has  several  levels  of 
implementation.  In  RAID  1,  data  is  100  percent  duplicated  on  two  drives.  In  RAID  3&5, 
the  parity  results  on  two  drives  are  calculated  and  stored  on  a  third  drive;  a  failed  drive 
can  be  hot  swapped  and  lost  data  rebuilt  by  the  RAID  controller  (IRMC  Managing 
Networked  Security  in  a  Networked  Environment  Course).  RAID  is  reliable,  handles 
frequent  data  changes,  is  scalable,  and  works  well  for  client-server  systems.  There  are 
various types of RAID: 0, 1, 2, 3, 4, 5, 6, 7, 10, and 53. See
http://www.acnc.com/raid.html.
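The striping and parity rebuild described in this entry, as an added example that is not part of the original encyclopedia. It models a three-drive set with a dedicated parity drive (RAID 3 style; RAID 5 rotates the parity between drives); the function names and the 4-byte chunk size are assumptions for illustration.

```python
from typing import List, Optional


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length blocks."""
    return bytes(x ^ y for x, y in zip(a, b))


def stripe(data: bytes, chunk: int = 4) -> List[bytes]:
    """Interleave chunks across two data drives and store XOR parity on a third."""
    padded = data + b"\x00" * (-len(data) % (2 * chunk))  # pad to a full stripe
    d0 = bytearray()
    d1 = bytearray()
    for i in range(0, len(padded), 2 * chunk):
        d0 += padded[i:i + chunk]
        d1 += padded[i + chunk:i + 2 * chunk]
    return [bytes(d0), bytes(d1), xor_bytes(d0, d1)]


def rebuild(drives: List[Optional[bytes]]) -> List[bytes]:
    """Recompute the single failed drive (marked None) from the two survivors."""
    failed = [i for i, d in enumerate(drives) if d is None]
    if len(failed) != 1:
        raise ValueError("parity can recover exactly one failed drive")
    a, b = (d for d in drives if d is not None)
    restored = list(drives)
    # Any one of (d0, d1, parity) is the XOR of the other two.
    restored[failed[0]] = xor_bytes(a, b)
    return restored


def read(drives: List[bytes], length: int, chunk: int = 4) -> bytes:
    """Reassemble the original byte stream from the two data drives."""
    d0, d1, _parity = drives
    out = b"".join(d0[i:i + chunk] + d1[i:i + chunk]
                   for i in range(0, len(d0), chunk))
    return out[:length]  # drop the stripe padding
```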


a.  IRMC 


Term       Equivalence       Power of 10   Approximation
Kilobyte   1,024 bytes       3             1/2 page
Megabyte   1 million bytes   6             Short novel
Gigabyte   1 billion bytes   9             Encyclopedia
Terabyte   1 trillion bytes  12            1,000 encyclopedias
Petabyte   1,000 terabytes   15            1 million encyclopedias

Knowledge  is  essential  for  work.  But  it  is  essential  in  being  one  of  the  tools  of  work- 
like  a  saw,  or  a  microscope;  it  is  not  the  work  itself.  (Elliott  Jaques,  Creativity  and  Work, 
International  Universities  Press,  Inc.,  Madison,  CT,  1990,  p.  156.) 


Reengineering— see  Business  Process  Reengineering  (BPR) 

Reengineering involves scrapping a current process and replacing it with a new one
not restricted by the assumptions limiting the initial process. See Michael Hammer's
"Reengineering Work: Don't Automate, Obliterate" (Harvard Business Review, July-August
1990, pp. 104-112) (IRMC Advanced Software Acquisition Management Course).


Nothing  can  change  from  one  thing  to  another  (without  first  losing  its  original  identity). 
Thus,  for  example,  before  an  egg  can  grow  into  a  chicken,  it  must  first  cease  totally  to  be  an 
Each  thing  must  lose  its  original  identity  before  it  can  be  something  else.  Therefore, 
before  a  thing  is  transformed  into  something  else,  it  must  come  to  the  level  of  Nothingness. 
This  is  how  a  miracle  comes  about,  changing  the  laws  of  nature.  First  the  thing  must  be 
elevated to the Emanation of Nothingness. Influence then comes from that Emanation to
produce  the  miracle.  (The  Great  Maggid  of  Mezerich,  quoted  by  Aryeh  Kaplan,  Meditation 
and  Kabbalah,  Samuel  Weiser,  York  Beach,  ME,  1982,  pp.  301-302.) 

Registration  Authority  (RA) 

The RA is the interface between the user and the certification authority (CA). It
authenticates the user and submits the user's certificate request to the CA. The quality of
the RA affects the level of trust.

It  takes  a  wise  man  to  recognize  a  wise  man.  (Xenophanes  IX  [570-475  B.C.],  from 
Diogenes Laertius, from Familiar Quotations by John Bartlett, Little, Brown & Co., Boston,
1968, p. 70b.)

Regression  Analysis — see  Threats  to  Acceptance 

A  statistical  analysis  and  model  of  evaluation  that  can  determine  the  effect  that  an 
intervention  has  on  organizational  performance  after  statistically  controlling  for  the 
effects  of  other  factors  that  can  also  affect  performance  (IRMC  Measuring  Results  of 
Organizational  Performance  Course). 

The  scientific  axiom  known  as  Occam's  Razor— "explanatory  principles  should  not  be 
multiplied  beyond  the  necessary."  (C.  G.  Jung,  Psychological  Types,  CW6,  Princeton 
University  Press,  Princeton,  NJ,  1971,  p.  494  ff.) 

Relevance  Ranking 

A  technique  used  to  differentiate  among  and  between  items  located  by  search  engines 
(e.g.,  Web  search  engines  such  as  Google  or  Alta  Vista).  Generally  results  are  displayed  on 
the  screen  from  the  most  relevant  to  the  least  relevant  [based  on]  the  search  criteria  and 
algorithm  used.  In  a  knowledge  base,  relevancy  is  usually  based  on  a  set  of  parameters 
defined by the knowledge base administrator (Knowledge Management: The Catalyst for
Electronic Government, Raymond Barquin and Alex Bennet, Eds., Management Concepts,
Vienna, VA, 2001, [USA]). While relevance ranking can, in theory, assist with searches
that result in an overabundance of information, present relevance ranking methods may
not  be  adequate  or  closely  match  the  needs  or  opinions  of  the  user. 

Sir  Ernest  Rutherford,  President  of  the  Royal  Academy,  and  recipient  of  the  Nobel  Prize 
in  Physics,  related  the  following  story:  Some  time  ago  I  received  a  call  from  a  colleague.  He 
was  about  to  give  a  student  a  zero  for  his  answer  to  a  physics  question,  while  the  student 
claimed  a  perfect  score.  The  instructor  and  the  student  agreed  to  an  impartial  arbiter,  and  I 
was  selected.  I  read  the  examination  question:  "Show  how  it  is  possible  to  determine  the 
height  of  a  tall  building  with  the  aid  of  a  barometer."  The  student  had  answered:  "Take  the 
barometer  to  the  top  of  the  building,  attach  a  long  rope  to  it,  lower  it  to  the  street,  and  then 
bring  it  up,  measuring  the  length  of  the  rope.  The  length  of  the  rope  is  the  height  of  the 
building."  The  student  really  had  a  strong  case  for  full  credit  since  he  had  really  answered 
the  question  completely  and  correctly!  On  the  other  hand,  if  full  credit  were  given,  it  could 
well  contribute  to  a  high  grade  in  his  physics  course  and  certify  competence  in  physics,  but 
the  answer  did  not  confirm  this.  I  suggested  that  the  student  have  another  try.  I  gave  the 
student  six  minutes  to  answer  the  question  with  the  warning  that  the  answer  should  show 
some knowledge of physics. At the end of five minutes, he hadn't written anything. I asked
if he wished to give up, but he said he had many answers to this problem; he was just
thinking of the best one. I excused myself for interrupting him and asked him to please go
on. In the next minute, he dashed off his answer, which read: "Take the barometer to the top
of the building and lean over the edge of the roof. Drop the barometer, timing its fall with a
stopwatch. Then, using the formula x=0.5*a*t^2, calculate the height of the building." At
this  point,  I  asked  my  colleague  if  he  would  give  up.  He  conceded,  and  gave  the  student 
almost  full  credit. 

While leaving my colleague's office, I recalled that the student had said that he had
other answers to the problem, so I asked him what they were. "Well," said the student,
"there are many ways of getting the height of a tall building with the aid of a barometer. For
example, you could take the barometer out on a sunny day and measure the height of the
barometer, the length of its shadow, and the length of the shadow of the building, and by
the use of simple proportion, determine the height of the building." "Fine," I said, "and
others?" "Yes," said the student, "there is a very basic measurement method you will like.
In this method, you take the barometer and begin to walk up the stairs. As you climb the
stairs, you mark off the length of the barometer along the wall. You then count the number
of marks, and this will give you the height of the building in barometer units. A very direct
method." "Of course, if you want a more sophisticated method, you can tie the barometer to
the end of a string, swing it as a pendulum, and determine the value of g [gravity] at the
street level and at the top of the building. From the difference between the two values of g,
the height of the building, in principle, can be calculated." "On this same tack, you could
take the barometer to the top of the building, attach a long rope to it, lower it to just above
the street, and then swing it as a pendulum. You could then calculate the height of the
building by the period of the precession." "Finally," he concluded, "there are many other
ways of solving the problem. Probably the best," he said, "is to take the barometer to the
basement and knock on the superintendent's door. When the superintendent answers, you
speak to him as follows: 'Mr. Superintendent, here is a fine barometer. If you will tell me the
height of the building, I will give you this barometer.'"

At  this  point,  I  asked  the  student  if  he  really  did  not  know  the  conventional  answer  to 
this  question.  He  admitted  that  he  did,  but  said  that  he  was  fed  up  with  high  school  and 
college instructors trying to teach him how to think. The name of the student was Niels
Bohr. (1885-1962) Danish Physicist; Nobel Prize 1922; best known for proposing the first
'model' of the atom with protons and neutrons, and various energy state of the surrounding
familiar icon of the small nucleus circled by three elliptical orbits ... but more
significantly, an innovator in Quantum Theory. (Received via Internet e-mail; this is an
Urban Legend. See http://www.snopes2.com/ or van der Linden, Peter. Expert C
Programming, Prentice Hall, Inc., Englewood Cliffs, NJ, 1994.)

Reliability— see  Equivalent  Forms,  Inter-Rater  Reliability  and  Split-Half,  Test/Retest 
Reliability 

The  characteristic  of  a  measurement  instrument  that  shows  the  degree  to  which  it 
consistently  assigns  scores  in  spite  of  minor  variations  in  instrument  design  and 
administration  (IRMC  Measuring  Results  of  Organizational  Performance  Course). 
Reliability  does  not  imply  validity.  Information  can  be  reliable  but  not  valid.  However, 
validity  implies  reliability.  If  something  is  valid,  it  is  also  reliable.  Reliability  is  necessary 
but  not  sufficient  for  validity.  Reliability  can  be  viewed  as  a  type  of  internal  consistency, 
whereas  validity  adds  an  element  of  external  consistency.  Reliability  is  more  relative, 
validity  more  absolute  in  essence. 

My  commitment  is  to  truth  as  I  see  it  each  day,  not  to  consistency.  (Mohandas  Gandhi, 
quoted by Ram Dass in Journey of Awakening, Bantam Books, New York, 1978, p. 201.)

Response Rate

The  percentage  of  respondents  that  return  a  completed  questionnaire  for  analysis 
(IRMC  Measuring  Results  of  Organizational  Performance  Course).  A  low  response  rate 
raises  doubts  as  to  the  statistical  validity  of  the  response  set.  A  number  of  techniques  are 
available to increase the response rate to an acceptable level, including: phone call or
e-mail follow-ups.

The  reengineering  team  abandons  the  familiar  and  seeks  the  outrageous.  Suspend  belief 
in extant rules, procedures, values. (Michael Hammer and James Champy, Reengineering the
Corporation, Harper Business, New York, 1993, p. 135.)

It gets late early out here. (Yogi Berra, The Yogi Book, Workman Publications, New York,
1998, p. 64.)

Return On Investment (ROI)— see Capital Planning and Investment, Portfolio
Management 

The  ratio  of  financial  savings  or  increased  revenue  to  the  total  costs  of  an 
organizational  investment  (IRMC  Measuring  Results  of  Organizational  Performance 
Course).  A  measure  for  evaluating  proposed  and  actual  investments  in  projects, 
programs,  or  initiatives.  There  are  a  number  of  possible  techniques  and  criteria  that  can  be 
used  to  determine  ROI.  Among  them  are:  present  value  (the  value  today  of  a  flow  of 
investments  and  incomes  at  start  and  expected  in  the  future  at  a  given  or  projected 
discount  or  interest  rate),  internal  rate  of  return  (the  iteratively  calculated  rate  of  return 
based  on  the  flow  of  investment  and  income),  and  payback  period  (the  time  for  the 
investment  to  pay  back  an  amount  equal  to  the  original  investment).  ROIs  are  used  in 
business  case  analyses  (BCAs)  and  other  methods  to  evaluate  proposed  investment  and 
are not peculiar to IT. For an analysis of a particular project see:
http://tsc.wes.army.mil/downloads/CADDSymposium2000/wilber.ppt.
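The three criteria named in this entry, worked through on one cash-flow series as an added example (not part of the original encyclopedia). The cash flows and the 10 percent discount rate are constructed, the internal rate of return is found iteratively by bisection, and the payback calculation assumes income arrives evenly within each period.

```python
def roi_ratio(flows):
    """Savings or revenue divided by total costs (the entry's basic definition)."""
    costs = -sum(cf for cf in flows if cf < 0)
    gains = sum(cf for cf in flows if cf > 0)
    return gains / costs


def present_value(flows, rate):
    """Value today of flows[t] received at the end of period t (t = 0 is now)."""
    return sum(cf / (1 + rate) ** t for t, cf in enumerate(flows))


def internal_rate_of_return(flows, lo=-0.99, hi=10.0, tol=1e-9):
    """Rate at which present value is zero, found iteratively by bisection.

    Requires the present value to change sign between lo and hi, which holds
    for an up-front investment followed by income.
    """
    f_lo = present_value(flows, lo)
    if f_lo * present_value(flows, hi) > 0:
        raise ValueError("no sign change: IRR is not bracketed by lo and hi")
    while hi - lo > tol:
        mid = (lo + hi) / 2
        f_mid = present_value(flows, mid)
        if f_lo * f_mid <= 0:
            hi = mid               # root lies in the lower half
        else:
            lo, f_lo = mid, f_mid  # root lies in the upper half
    return (lo + hi) / 2


def payback_period(flows):
    """Periods until cumulative income equals the original investment.

    Interpolates linearly inside the period in which the balance turns
    non-negative; returns None if the investment is never paid back.
    """
    balance = 0.0
    for period, cf in enumerate(flows):
        if balance < 0 and balance + cf >= 0:
            return period - 1 + (-balance / cf)
        balance += cf
    return None


if __name__ == "__main__":
    # Constructed example: 1,000 invested now, 400 saved in each of four years.
    flows = [-1000, 400, 400, 400, 400]
    print("ROI ratio      :", roi_ratio(flows))
    print("PV at 10%      :", round(present_value(flows, 0.10), 2))
    print("IRR            :", round(internal_rate_of_return(flows), 4))
    print("Payback (years):", payback_period(flows))
```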

From  Gary  Hacker's  HR  Metrics  News  consolidated  from  Issues  1-5  (OPM): 

Linking  Budget  to  Performance — GSA  Regional  Operations  Perspective: 
http://www.opm.gov/compconf/postconf00/gsa/waters.htm 4/02. GSA presentation
at OPM's Strategic Compensation Conference 2000.

Don't  Just  Get  Them  Coffee:  A  Study  in  Recruiter  ROI:  by  Beth  Minter: 
http://www.erexchange.com/articles/db/5CF83163C2D949A59C0FDF6969D382B4.asp
6/02. "That's right, we're going to have to measure recruiter's ROI. Just like our
counterparts  in  manufacturing,  IT,  sales,  consulting,  or  customer  service,  we  will  be 
required  to  document  the  quality  of  our  work.  And  that's  going  to  involve  accountability. 
In  particular,  we'll  have  to  take  responsibility  for  the  performance  of  our  hires.  It  is  the 
only  clear  path  to  illustrating  our  profitability  to  our  companies  rather  than  our  cost." 

Measuring the ROI of Training: by Ben Worthen: http://www.cio.com/archive/021501/roi.html
3/02. "You know your employees want more training, but how can you
tell if you are getting your money's worth?"

The ROI of Human Capital: Measuring the Economic Value of Employee Performance: by Jac
Fitz-Enz: http://www.amazon.com/exec/obidos/ISBN%3D0814405746/ref%3Dnosim/tcmstrainindevel/102-5015943-7201719
6/02. "We all know that people—
not  cash,  buildings,  or  equipment — are  the  lifeblood  of  any  business  enterprise.  Yet, 
astonishingly,  there  has  never  been  a  reliable  way  to  quantify  the  contribution  of  human 
capital  to  corporate  profit ...  until  now." 

The Cost of Delay by Alice Snell: http://www.erexchange.com/articles/db/
Z3E5A8D49D21494899B5QBEC70406A03.asp 5/02. "Assessment of ROI on a system
implementation  reflects  favorably  on  the  HR  staff.  It  shows  that  the  recruiters  and  other 
key  HR  stakeholders  who  comprise  the  selection  committee  realize  the  importance  of 
carefully  evaluating  each  strategic  business  decision." 

For  two  decades  the  great  French  artist  Renoir  suffered  pain  and  misery.  Rheumatism 
racked  his  body  and  distorted  his  fingers.  As  he  slowly  applied  his  paint  to  the  canvas, 
beads  of  perspiration  stood  on  his  brow,  from  intense  suffering.  Renoir  could  not  stand  but 
had  to  be  placed  in  a  chair,  moved  up  and  down  to  give  him  access  to  various  parts  of  his 
canvas.  Yet  he  persisted,  painting  in  pain  masterpieces  of  girlhood  beauty.  Matisse,  his 
disciple, pleaded one day, "Why torture yourself to do more?" Gazing at a favorite canvas,
Renoir replied, "The pain passes, but the beauty remains." (Adrian Anderson, Along the
Way, quoted by Jacob Braude in New Treasury of Stories for Every Speaking and Writing
Occasion, Prentice Hall Inc., Englewood Cliffs, NJ, June 1961, p. 359.)

Remember  that  time  is  money.  (Benjamin  Franklin,  Advice  to  a  Young  Tradesman,  1748 
from  Familiar  Quotations  by  John  Bartlett,  Little,  Brown  &  Co.,  Boston,  1968,  p.  104a.) 

Reuse — see  Software 

Usually  used  to  refer  to  the  reuse  of  existing  software  programs,  subprograms, 
subroutines,  etc.  Judicious  software  reuse  is  cost  effective  (efficient)  since  both 
development  and  maintenance  costs  (thus,  life-cycle  costs)  are  low  to  nil.  However,  the 
new  development  software  (often  contractor  off-the-shelf)  must  be  well  matched  to  the 
reused  software  (often  government  off-the-shelf)  regarding  technical  requirements, 
interoperability  and  interfacing,  compatibility,  and  transportability.  The  reused  software 
must  be  maintainable — older  software  may  be  written  in  archaic  programming 
languages,  for  instance,  that  are  difficult  or  impossible  to  maintain.  Some  developers 
purposely  create  reusable  software  for  new  programs.  This  adds  upfront  cost,  but  creates 
products designed for reuse and, thus, very cost-effective in that regard. See Isoda's
"Experiences on a Software Reuse Project" (Journal of Systems and Software, 1995, Vol. 30,
No. 2, September, pp. 171-186, and reprinted in Software Management, 5th ed., Don Reifer,
Ed.,  IEEE,  pp.  558-573)  (IRMC  Advanced  Software  Acquisition  Management  Course). 

We  shall  not  cease  from  exploration 
And  the  end  of  all  our  exploring 
Will  be  to  arrive  where  we  started 
And  know  the  place  for  the  first  time. 

(T.  S.  Eliot,  "The  Four  Quartets,"  1943,  quoted  by  Jean  Shinoda  Bolen  in  Goddesses  in 
Everywoman,  Harper  &  Row,  San  Francisco,  1984,  p.  295.) 

Reverse Auction

Reverse auctions are "downward price" auctions in which suppliers continue to lower
their prices until the auction closes. Buyers watch as competitors lower price in real time.
The first Internet reverse auction in the federal government was conducted by the
Department of the Navy (based on Glossary of IM/IT & KM Terms). A mock reverse
auction was held at the Electronic Business Knowledge Fair on August 30, 2001. The
bidders were dressed as Amelia Earhart, Benjamin Franklin, and Abraham Lincoln.
"Uncle Sam" conducted the auction. Amelia won the contract for the first item (an
anchor) by underbidding her competition. Reverse auctions have developed as an
extension of the government's acquisition reform initiatives towards commercialization
and increased competition. They can result in significant savings.

If  one  has  to  jump  a  stream  and  knows  how  wide  it  is,  he  will  not  jump.  If  he  does  not 
know  how  wide  it  is,  he  will  jump,  and  six  times  out  of  ten  he  will  make  it.  (Old  Persian 
Saying,  quoted  by  Jacob  Braude  in  New  Treasury  of  Stories  for  Every  Speaking  and  Writing 
Occasion,  Prentice  Hall  Inc.,  Englewood  Cliffs,  NJ,  June  1961,  p.  60.) 

RISCC  Security  Assessment 

R  stands  for  risk  identification  and  categorization;  I  is  for  IT  profiling;  S  represents 
selection  of  controls  and  elimination  of  redundancies;  C  stands  for  cost  calculation,  and  C 
stands  for  consideration  of  alternatives  and  risk  decision  (IRMC  Assuring  the  Information 
Infrastructure  Course). 

Long ago lived a seaman named Captain Bravo. He was a manly man who showed no
fear in facing his enemies. One day, while sailing the seven seas, a lookout spotted a pirate
ship and the crew became frantic. Captain Bravo bellowed, "Bring me my red shirt." The
First Mate quickly retrieved the Captain's red shirt and whilst wearing the bright red frock
he led his men into battle and defeated the pirates. Later on that day, the lookout spotted
not one, but two pirate ships. The Captain again called for his red shirt and once again
though the fighting was fierce, he was victorious over the two ships. That evening, all the
men sat around on the deck recounting the day's triumphs and one of them asked the
Captain, "Sir, why do you call for your red shirt before battle?" The Captain replied, "If I
am wounded in the attack, the shirt will not show my blood and thus, you men will
continue to fight, unafraid." All of the men sat in silence and marveled at the courage of
such a manly man. As dawn came the next morning, the lookout spotted not one, not two,
but 10 pirate ships approaching. The crew stared at the Captain and waited for his usual
reply. Captain Bravo calmly called out, "Get me my brown pants." (Internet e-mail story.)

Risk Assessment/Analysis

This is a major process in program management. A risk assessment identifies risks,
vulnerabilities, and threats to a system, system development, or to system users in the
field. Risks are analyzed regarding probability of occurrence and effects if they should
occur. A chart is normally prepared, mapping each risk on these two axes. Then,
appropriate cost-effective responses or countermeasures are created. These may preclude
certain risks, but often only mitigate either the probability of occurrence or the effect or
impact if it should occur. The risk assessment must be updated during the life of the
program, adjusting to changes. In the world of IT, risk assessments are of particular
importance and applicability in computer security (INFOSEC). There are generally three
levels of activities ranging from a system security audit to an empirical red team attack.
This process may be referred to as a vulnerability assessment or analysis. See Carr,
Konda, et al., Taxonomy Based Risk Identification (CMU/SEI-93-TR-6, ADA266992,
Carnegie-Mellon University, 1993), which describes processes and provides forms to use
(IRMC Advanced Information System Acquisition Course).
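The two-axis chart and the choice of cost-effective countermeasures described in this entry, as an added example that is not part of the original encyclopedia. The risks, dollar figures, band thresholds, and countermeasure names are all constructed for illustration; a countermeasure either scales the probability, scales the impact, or precludes the risk with a factor of 0.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Risk:
    name: str
    probability: float  # chance of occurrence over the planning period, 0..1
    impact: float       # loss in dollars if the risk occurs

    @property
    def exposure(self):
        """Expected loss: probability of occurrence times effect."""
        return self.probability * self.impact


@dataclass(frozen=True)
class Countermeasure:
    name: str
    risk: str                        # name of the risk it addresses
    cost: float
    probability_factor: float = 1.0  # 0 precludes the risk entirely
    impact_factor: float = 1.0


BANDS = ("low", "medium", "high")


def chart_cell(risk, p_edges=(0.1, 0.4), i_edges=(10_000, 100_000)):
    """Place a risk on the two-axis chart as (probability band, impact band)."""
    p = sum(risk.probability >= edge for edge in p_edges)
    i = sum(risk.impact >= edge for edge in i_edges)
    return BANDS[p], BANDS[i]


def mitigate(risk, cm):
    """Residual risk after a countermeasure is applied."""
    return replace(risk,
                   probability=risk.probability * cm.probability_factor,
                   impact=risk.impact * cm.impact_factor)


def cost_effective(risks, countermeasures):
    """Countermeasures whose reduction in expected loss exceeds their cost,
    as (name, net benefit) pairs with the largest net benefit first."""
    by_name = {r.name: r for r in risks}
    chosen = []
    for cm in countermeasures:
        risk = by_name[cm.risk]
        saved = risk.exposure - mitigate(risk, cm).exposure
        if saved > cm.cost:
            chosen.append((cm.name, round(saved - cm.cost, 2)))
    return sorted(chosen, key=lambda item: -item[1])


# Constructed register for illustration only.
RISKS = [
    Risk("router misconfiguration", 0.5, 80_000),
    Risk("data center flood", 0.02, 500_000),
    Risk("laptop theft", 0.3, 5_000),
]
COUNTERMEASURES = [
    Countermeasure("central router management", "router misconfiguration",
                   cost=12_000, probability_factor=0.2),
    Countermeasure("off-site replica", "data center flood",
                   cost=15_000, impact_factor=0.1),
    Countermeasure("disk encryption", "laptop theft",
                   cost=1_000, impact_factor=0.2),
]

if __name__ == "__main__":
    for r in RISKS:
        print(f"{r.name:26} {chart_cell(r)}  exposure ${r.exposure:,.0f}")
    print(cost_effective(RISKS, COUNTERMEASURES))
```

Rerunning the selection whenever probabilities, impacts, or costs change is the update step the entry calls for over the life of the program.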

He that leaveth nothing to chance will do few things ill, but he will do very few things.
(Gregory Benford and David Brin, Heart of the Comet, Bantam, New York, 1986, p. 1.)

Risk  Management — see  Risk  Assessment 

Process  concerned  with  the  identification,  measurement,  control,  and  minimization  of 
risks  to  a  level  commensurate  with  the  value  of  the  assets  protected.  In  IT,  it  is  often 
applied to information systems security. For software risk see "Attention Shaping and
Software Risk - A Categorical Analysis of Four Classical Risk Management Approaches"
(Lyytinen, Mathiassen, and Ropponen, Information Systems Research, 1998, Vol. 9, No. 3,
September, Institute for Operations Research and the Management Sciences) and the
Software Engineering Institute Continuous Risk Management Guidebook (Carnegie-Mellon
University, 1996) (IRMC Advanced Information System Acquisition Course). Also see J.
Davidson Frame's "Managing Risk: Identifying, Analyzing, and Planning Responses"
(The New Project Management, Jossey-Bass, San Francisco, 1994, pp. 74-94) and David
Riefer's Software Management (1997) (IRMC Advanced Software Acquisition Management
Management Guide: Computer Security, first public exposure draft, June 2001.

One  of  the  great  paradoxes  of  our  time  is  that  what  looks  like  strength  is  really 
weakness  and  what  appears  to  be  weakness  is  really  strength  . . .  Paradoxically,  when  we 
admit  our  weaknesses  we  are  showing  our  strengths,  and  when  we  deny  our  weaknesses 
we  are  exhibiting  them.  (Susanna  McMahan,  The  Portable  Therapist,  p.  160.) 

Insight tool: (Select Operations; Strategic Planning and Policy Coordination
Software Acquisition Risk Management) http://www.sed.monmouth.army.mil/
(select "Related Web sites" then select "Army CECOM SEC Software Insight Tool"). For
information: Marilyn Ginsberg-Finner at 732-842-1717.

Department  of  Defense  risk  management  policies  and  procedures: 
http://www.acq.osd.mil/te/programs/se/risk_management

Robotics

"A reprogrammable, multifunctional manipulator designed to move material, parts,
tools, or specialized devices through various programmed motions for the performance of
a variety of tasks"— (Robot Institute of America, 1979) "or Force through intelligence or
Where AI meet the real world. Webster says: 'An automatic device that performs
functions normally ascribed to humans or a machine in the form of a human'. The word
'robot' was coined by the Czech playwright Karel Capek (pronounced "chop'ek") from
the Czech word for forced labor or serf. Capek was reportedly several times a candidate
for the Nobel prize for his works and very influential and prolific as a writer and
playwright. Mercifully, he died before the Gestapo got to him for his anti-Nazi
sympathies in 1938. The use of the word Robot was introduced into his play R.U.R.
(Rossum's Universal Robots) which opened in Prague in January 1921." Isaac Asimov
(famed science fiction author) framed the Laws of Robotics:

Law  Zero:  A  robot  may  not  injure  humanity,  or,  through  inaction,  allow  humanity  to 
come  to  harm. 

Law  One:  A  robot  may  not  injure  a  human  being,  or,  through  inaction,  allow  a  human 
being  to  come  to  harm,  unless  this  would  violate  a  higher  order  law. 

Law Two: A robot must obey orders given it by human beings, except where such
orders would conflict with a higher order law.

Law Three: A robot must protect its own existence as long as such protection does not
conflict with a higher order law.

These are described in Roger Clarke's, "Asimov's Laws
for Robotics: Implications for Information Technology," Part 1 and Part 2, Computer,
December 1993, pp. 53-61 and Computer, January 1994, pp. 57-65 (from Robotics FAQs at:
http://www.frc.ri.cmu.edu/robotics-faq/1.html);
http://ai.iit.nrc.ca/subjects/Robotics.html;
http://www.foresight.org/EOC/EOC_Web_Introduction.html;
http://www-robotics.usc.edu/; http://www.robocup.org/; (IRMC Critical Information Systems
Technologies Course) http://roboticscollege.com/.

The  dinosaurs  became  extinct  because  they  didn't  have  a  space  program.  (Larry  Niven, 
quoted  by  Arthur  C.  Clarke,  Ad  Astra,  1996,  Vol.  8,  No.  3,  May-June,  p.  14.) 


Router

A device or function that guides (routes) information to its intended destination.
Routers generally connect networks (e.g., a local area network and the Internet) and
determine  where  to  send  data  based  on  addresses  in  messages  and  devices  as  well  as 
router  settings.  Located  at  juncture  points,  routers  are  the  traffic  control  system  of  the 
Internet.  Routers  are  usually  server  systems,  but  computers  (e.g.,  thick-client  personal 
computers)  can  also  serve  as  routers.  Router  control  can  be  a  major  security  issue  if  not 
completely  integrated  into  the  information  system  and  managed  by  a  central  systems 
administrator.  Routers  can  be  prime  hacker  targets. 

A little learning is a dangerous thing. (Alexander Pope, Essay on Criticism, quoted by
Jacob Braude in New Treasury of Stories for Every Speaking and Writing Occasion, Prentice Hall
Inc., Englewood Cliffs, NJ, June 1961, p. 203.)

A salesman in social network analysis (per Malcolm Gladwell's The Tipping Point) is a
person  with  inherent  skills  in  convincing  other  people.  Thus,  salesmen  can  be  critical  to 
successful  culture  change.  Further,  their  placement  in  the  organization  can  be  critical  to 
their  success  and  value  within  the  organization.  Salesmen  make  wonderful  knowledge 
champions  and  change  agents.  Nevertheless,  it  is  helpful  to  integrate  such  personnel  with 
appropriate mavens and connectors for maximum effect.

Attitude is the top priority; after attitude, talent or gifts are important. (Dave
Marinaccio, All I Really Need to Know I Learned from Watching Star Trek, Crown Publishing,
New York, 1994, p. 64.)


Sampling— see  Statistical  Significance  and  Threats  to  Acceptance 

A  technique  for  choosing  a  group  of  individuals  from  a  larger  population  of  people 
such  that  the  group  is  representative  of  the  population  on  some  designated 
characteristics. Sample size calculation: http://www.surveysystem.com/sscalc.htm,
http://www.international-survey.org/index.html, http://www.gallup.com,
http://www.isrglobalsurveys.com/default.asp (IRMC Measuring Results of
Organizational  Performance  Course).  Sampling,  if  performed  correctly,  replaces  data 
gathering  from  each  member  of  the  population  in  question  (which  is  often  impossible  or 
impossibly  expensive).  Considerable  care  must  be  taken  to  avoid  the  many  potential 
threats  to  acceptance.  Sampling  is  often  the  only  feasible  means  to  obtain  feedback  in  a 
timely and cost-effective manner. Proper experimental design and statistical analysis (e.g.,
ANOVA, chi-square) must be performed to avoid errors, obtain credibility, and avoid
arguments (per my grandfather) that "figures don't lie but liars figure."


The  well-nigh  ineradicable  prejudice  of  simple-minded  persons  that  everybody  is 
exactly  the  same  as  them.  Although  it  is  true  in  general  that  psychic  differences  are 
admitted  as  a  theoretical  possibility,  in  practice  one  always  forgets  that  the  other  person  is 
different  from  oneself,  that  he  thinks  differently,  feels  differently,  sees  differently,  and 
wants  quite  different  things.  Even  scientific  theories,  as  we  have  seen,  start  from  the 
assumption  that  the  shoe  pinches  everyone  in  the  same  place  . . .  This  prejudice  is  evidently 
a  vestige  but  a  very  potent  one — of  a  primitive  frame  of  mind  which  is  based  essentially  on 
an  insufficiently  differentiated  consciousness.  Individual  consciousness  or  ego- 
consciousness  is  a  late  product  of  man's  development.  Its  primitive  form  is  a  mere  group 
consciousness. (C. G. Jung, Civilization in Transition, CW10, Princeton University Press,
Princeton,  NJ,  1964,  p.  135-136.) 


Sampling Validity

A form of content-oriented validity in which an analytical argument is made that the
items fully represent the factor being measured by reference to prior research or
authorized formal documentation (IRMC Measuring Results of Organizational
Performance Course).

Substituting rules for judgment starts a self-defeating cycle, since judgment can only be
developed by using it. (Dee Hock at VISA, quoted by Thomas J. Peters and Robert H.
Waterman, Jr., In Search of Excellence, Warner Books, New York, 1982, p. 278.)

Scalability 

The ability of a system to respond to and support exponential increases in activity
both in the short-term and over time (based on Glossary of IM/IT & KM Terms). Pilot
programs are often employed to test the effects of proposed enterprise systems.
Scalability then becomes a major consideration not directly addressed in the pilot
program. The remaining risk is that what worked on a small scale (e.g., in the pilot) may
not work at a larger scale (the entire enterprise). Some enterprise resource plans, for
instance, are designed for small or mid-size users and are simply inadequate for large
businesses or enterprises. In addition, an organization must consider future growth, not
only in users, but also in functionality. As a system is successful, and this success
permeates the organization, people will devise a continuing stream of expansions in
usage. Thus, extrapolating from the past can be quite misleading and highly inaccurate.
The famous story of Xerography relates that the inventor ran out of funds without quite
completing the invention of the Xerox machine. So, he went to IBM, offering the company
a large equity (partial ownership) in the business if they would provide $1 million to
complete the development. IBM hired a consulting accountancy firm (of high repute) to
perform a tradeoff analysis. They compared Xerox versus carbon paper, concluding that
the investment was not worthwhile. Eventually, the inventor found the funds elsewhere,
completed development, and the rest is history. The analysts forgot the human factor:
once a dramatically new development takes place, people extend it into near-infinite new
areas and applications. This is consistent with Thomas Kuhn's popularization of the
paradigm process of the Philosophy of Science described in his classic masterpiece, The
Structure of Scientific Revolutions.

Flash powder makes a more brilliant light than the arc lamp, but you cannot use it to
light your street corner because it doesn't last long enough. Stability is more essential to
success than brilliancy. (Richard Lloyd Jones, quoted by Jacob Braude in New Treasury of
Stories for Every Speaking and Writing Occasion, Prentice Hall Inc., Englewood Cliffs, NJ, June

■I  O/vJ.y 

Script  Kiddies 

Unsophisticated hackers who use other hackers' software packages (scripts). Hacker
sites post such scripts for others to use, promoting the talents of the hacker who
designed them. They often warn the script kiddies that such scripts have short
half-lives—cybercops become aware of them quickly—putting the script kiddies at risk of


Role confusion is an unconsciously motivated defence to which individuals have
recourse in order to avoid the anxiety produced by disjunctions between their personalities
and the demands of the roles they carry. (Elliott Jaques, The Changing Culture of a Factory,
Dryden Press, New York, 1952, p. 300.)

Search Engine

A program that searches documents for specified keywords or phrases and returns a
list of the documents where the keywords were found. Although search engine is really a
general  class  of  programs,  the  term  is  often  used  to  specifically  describe  programs  such  as 
Alta  Vista  and  Excite,  which  enable  users  to  search  for  documents  on  the  World  Wide 
Web.  Typically,  a  search  engine  works  by  sending  out  a  spider  to  fetch  as  many 
documents  as  possible.  Another  program,  called  an  indexer,  then  reads  these  documents 
and creates an index based on the words contained in each document (based on Glossary
of IM/IT & KM Terms). Research is under way to improve upon both the search process
itself  and  on  the  indexing  function.  Some  vendors  provide  applications  that  will  index  the 
contents  of  specified  computer  drives  so  that  the  user  can  later  search  for  (and  quickly 
find)  items  included  in  those  drives.  Of  course,  the  function  must  be  run  periodically  to 
include  new  materials.  Various  algorithms  (such  as  Bayesian  statistics)  are  employed  in 
indexing.  However,  a  Web  search  engine  may  return  thousands  of  responses  that  are  not 
necessarily  prioritized  accurately  in  terms  of  human  values.  Artificial  intelligence 
methods  are  being  applied  to  searching,  especially  neural  networks  and  case-based 
reasoning  (CBR)  tools.  The  Department  of  the  Navy  Chief  Information  Officer's 
Knowledge-Centric  Organization  CD  (version  2.0)  incorporates  a  CBR  tool  for  its  guided 
search  function.  Such  tools  provide  a  more  content-oriented  search  versus  the  usual 
keyword  search  techniques  provided  by  most  Web  search  engines. 

When you know a thing, to hold that you know it; and when you do not know a thing,
to allow that you do not know it. This is knowledge. (Confucius, The Wisdom of Confucius,
Peter Pauper Press, Mt. Vernon, NY, 1963, p. 43.)

Seat Management—see Navy/Marine Corps Intranet (NMCI)

An  outsourcing  vehicle  providing  desktop-type  computing  as  a  unified  service, 
including  day-to-day  operational  support  to  the  user  and  network.  Examples  include  the 
National  Aeronautics  and  Space  Administration's  outsourcing  desktop  initiative  (ODIN), 
the General Service Administration's seat management contract, and the recent
Navy/Marine Corps Intranet (NMCI) contract. The Department of the Treasury and the
Health Care Financing Administration are also using the ODIN contract. ODIN has 50,000
seats and $4-13 billion over 10 years. With a seat management contract, the government
does  not  own  any  of  the  computers  or  software,  but  buys  a  computing  service  from  the 
contractor.  Users  can  contract  for  a  spectrum  of  levels  of  services  included  in  the  contract. 
In  today's  business  environment  of  shrinking  budgets,  fewer  employees,  increasing 
demand  for  faster  and  better  services,  more  reliance  on  technology,  and  a  shortage  of  IT 
workers  (see  the  Hudson  Report,  Workforce  2000),  the  Department  of  Defense  needs 
methods  to  focus  its  efforts  and  its  workforce.  Outsourcing  efforts  (such  as  seat 
management) can help. According to Gartner, the 5-year total cost of ownership (TCO) for
a seat is:



Estimated TCO Costs per Seat [a]

Year             1987       1995       2000
Cost per seat    $19,296    $41,439    $45,000

a. Generally 75 percent service + 25 percent hardware and software


Gartner estimates present costs to vary from $8,288 to $10,786 per seat (as of 2000); the
Harris Corp. study estimated present per seat TCOs at $8,224 versus $8,399 for seat
management. Thus, seat management is not always the cheapest solution. GSA awarded
its contracts in July 1998 and opened them up for government-wide acquisition
contract-like use by other agencies and activities. They are 5-year multiple award contracts
with 5-year options. GSA initially issued task orders against them for its own use. A seat
management program office was established. Prime contractors include: IBM, EER, FDC
Technologies, PRC, DYNCORP, Wang Government Services, and Multimax. Government
agencies are generally required to report to Congress if outsourcing efforts will result in
the loss of more than 10 government employees, but this may not apply if the personnel
are moved to fill needed vacancies. In addition to the federal contracts, the State of
Connecticut has a seat management contract with EDS Corp. for $1 billion over 7 years
(IRMC New World of the CIO Course).

More  recently,  the  Department  of  the  Navy  (DON)  awarded  the  NMCI  $7-billion 
contract  to  a  large  team  headed  by  EDS  Corp.  Despite  predictions  regarding  seat  costs, 
the NMCI cost was considerably lower than these pessimistic predictions. Congress and
OSD  did  slow  down  and  restrict  initial  NMCI  efforts,  due  to  many  political  and 
psychological  considerations.  Unfortunately,  these  tend  to  be  self-fulfilling  prophecies. 
Nevertheless,  NMCI  has  now  begun  to  install  and  operate  systems  in  the  Navy.  In 
addition  to  the  usual  costs  and  benefits  discussed  regarding  seat  management,  NMCI 
addresses  current  security  vulnerabilities  by  introducing  smart  cards,  public  key 
infrastructure,  etc.,  and  rectifies  the  huge  range  of  capabilities  now  extant  in  DON — 
standardizing  them  into  a  manageable  set  that  are  automatically  refreshed  per  industry 
standards.  NMCI  potentially  will  support  400,000  users,  the  largest  seat  management 
program  by  far.  The  initial  40,000  seats  or  so  should  demonstrate  its  technical  feasibility 
but  not  necessarily  its  potential  cost-effectiveness. 

Despite  Congressional  support  for  outsourcing  and  A-76,  Congress  is  presently 
unwilling  to  authorize  more  Base  Realignment  and  Closure  Act  rounds  or  to  allow  NMCI 
to  include  depots.  There  is  a  continual  stress  between  making  the  government  more 
responsive  and  cost-effective  and  -efficient  on  one  hand  and  political  realities  of 
Congressional  districts  and  economics  on  the  other.  This  ambiguity  is  perhaps  inherent  in 
the  American  political  system.  Change  management  efforts  need  to  consider  such 
political, as well as psychological or cultural, factors when planning for success. NASA
seat management: http://outsource.gsfc.nasa.gov/; U.S. Army seat management:
http://pmscp.monmouth.army.mil/ (IRMC Critical Information Systems Technologies
Course). The State of Connecticut's seat management contract: $1 billion, 7 years, with
EDS  Corp.,  was  for  all  computing  operations  statewide.  It  has  been  said  that  seat 
management  requires  a  federal  culture  change  to  relinquish  control,  become  a  user  vice 
owner,  and  orient  services  towards  measurable  levels,  making  desktop  services  a  utility 
(IRMC  Advanced  Software  Acquisition  Management  Course). 

[Artifacts, procedures, etc., are] yesterday's congealed dreams ... a process of
petrification. . . . weightless ideals turning into heavy artifacts . . . living things turned into
stone. (Stephen Denning, The Springboard, Butterworth-Heinemann, Boston, 2001, p. 192.)

Secondary  Data  Collection 

The  use  of  existing  data  that  was  originally  measured  for  other  purposes.  Primary 
data  collection  is  the  collection  of  data  for  the  first  time  to  meet  a  specific  evaluation 
purpose  (IRMC  Measuring  Results  of  Organizational  Performance  Course). 

Life can only be understood backward, but it must be lived forward. (Kierkegaard,
quoted by George Steiner in Top Management Planning, MacMillan & Co., New York, 1969,
p. 208.)

Section 508 (Rehabilitation Act) (29 U.S.C. 798) 8/7/98—see Networked Improvement
Community,  Voice  Application  Networks,  and  Extensible  Markup  Language 

The Accessibility Standards, Section 508, Rehabilitation Act (of 1973) Amendments of
1998. Section 508 requires that federal agencies must ensure comparable accessibility to
persons with disabilities whenever that agency uses electronic or IT, unless such access
would impose an undue burden. For further information, see the Section 508 standards at:
http://www.access-board.gov/news/508-final.htm (Glossary of IM/IT & KM Terms).
Limited numbers of copies of a Section 508 video have been available from the
Department of the Navy Chief Information Officer (DON CIO). The Department of
Commerce established its Committee on Resources for Electronic Accessible Technology
to End Users (CREATE), and the government established the interagency Council on
Accessible Technology (COAT); see Ann Mercier's "GSA, COAT Team to Tackle
Computer Access for Disabled" (Federal Computer Week, August 5, 1991) (IRMC New
World of the CIO Course). Also, see http://www.disability.gov/;
http://www.section508.gov/; http://www.access-board.gov/; and/or
http://www.tricare.osd.mil/cap/, where CAP is the Computer/Electronic
Accommodations Program. The section states that "When developing, procuring,
maintaining, or using electronic or IT, each federal department or agency shall ensure
access to information and data by persons with disabilities comparable to access available
to persons without disabilities." However, National Security Systems are exempt.

The Architectural and Transportation Barriers Compliance Board (Access Board) was
to define standards by February 27, 2000, for inclusion in the Federal Acquisition
Regulations; "undue burden" must be explained in procurement documentation; the
Federal Communications Commission proposes to apply it to telecommunications
services (e.g., voice mail) but not to Web pages or e-mail. The National Federation of the
Blind has sued America Online (as a "public accommodation") for lack of compliance
with the Americans with Disabilities Act (ADA) (IRMC Advanced Information System
Acquisition Course). See Susan Turnbull's article on the Federal Architecture and
Infrastructure Committee of the Federal CIO Council's guide, Extending Digital Dividends:
Public Goods and Services that Work for All, on the Federal CIO Council Knowledge
Management Working Group CD distributed by the DON CIO. She identifies three
promising Internet-based technologies: voice application networks, extensible markup
language, and networked improvement communities, which could "dramatically extend
the reach, quality, and usefulness of public information." For more information, call
202-501-6214 or write susan.turnbull@gsa.gov.


One  action  is  worth  more  than  a  thousand  sighs.  (Jacob  Immanuel  Schochet,  Chassidic 
Dimensions, Vol. 3 of The Mystical Dimension trilogy, Kehot Publication Society, Brooklyn,
NY, 1990, p. 207.)

Secure  Electronic  Transaction  (SET) 

"A  secure  payment  protocol  developed  by  MasterCard®  and  Visa®  designed  to  ensure 
security  for  bank  card  transactions  over  the  Internet.  It  denies  merchants  access  to  credit 
card information, thus keeping it secure between the shopper and the bank" (PC Magazine,
http://www.pcmag.com/). SET requires a customer to create a wallet, enclosing
encrypted  credit  card  numbers.  To  make  a  purchase,  the  customer  sends  the  encrypted 
credit  card  number  to  the  merchant's  server;  the  merchant  digitally  signs  the  payment 
message  and  forwards  it  to  an  online  bank;  the  bank  decrypts  all  the  information,  runs  the 
credit  or  charge,  signs  the  purchase  request,  stores  it  for  future  reference,  and  sends  a 
receipt  back  to  the  merchant  and  customer. 

He has out-soared the shadow of our night;
Envy and calumny and hate and pain,
And that unrest which men miscall delight,
Can touch him not and torture not again;
From the contagion of the world's slow stain
He is secure, and now can never mourn
A heart grown cold, a head grown grey in vain.

(Percy Bysshe Shelley [1792-1822], Adonais, 1821, XL, from The Oxford Dictionary of
Quotations, Oxford University Press, New York, 1980, p. 499, No. 21.)

Secure  Sockets  Layer  (SSL) 

Transmission security standard developed by Netscape Communications to enable
secure commercial transactions to take place over the Internet. Utilizing encryption, it
creates a secure relationship between the client and server, allowing server authentication,
data encryption, and data integrity (based on Glossary of IM/IT & KM Terms). SSL protects
ordering and credit card information, but it does not protect the merchant. It is one-way
encryption. A small lock is generally shown at the bottom right of the purchaser's screen.
Also, browsers normally warn the user concerning use of secure sites (unless the user
turns off the warning mechanism). Merchant risks under SSL are the same as for phone or
catalog orders—primarily based on credit card risks. SSL lacks some of the privacy and
digital certificate risks and complications of public key infrastructure (PKI), but it is also,
essentially, a one-way (unidirectional) system. Thus, it is not comparable to PKI or pretty
good privacy (PGP) and is capable of meeting all of their operational requirements. (See
http://www.celocom.com, Charles Breed, PKI: The Myth, the Magic and the Reality,
http://networking.earthweb.com/net.secur/article/0.12n84 615851 S.nn.hhn], used in
IRMC Managing Networked Security in a Networked Environment Course). Web site
addresses with "https" (versus http) have been SSL-enabled; the client portion is already
built into the browser (IRMC Developing Enterprise Security Strategies, Guidelines, and
Policies Course).


Our watchword is security. (William Pitt, Earl of Chatham, 1708-1778, from The Oxford
Dictionary  of  Quotations,  Oxford  University  Press,  New  York,  1980,  p.  374,  No.  1.) 

Security  and  Assurance 

One  of  the  10  federal  chief  information  officer  (CIO)  competencies,  specified  by  the 
Federal  CIO  Council  Executive  Board,  included  in  the  IRMC's  curriculum  for  the  CIO 
certificate  (IRMC  New  World  of  the  CIO  Course). 

The Security Systems Engineering Capability Maturity Model (SSE CMM) [a]

Level                   Management                       Organizational                   Engineering
----------------------  -------------------------------  -------------------------------  -----------------------
5. Optimizing           Process change management        Technology change management     Defect prevention
   (work the measures)

4. Managed              Quantitative process management  Security validation              Quality management
   (measure the work)                                    Security vulnerability analysis

3. Defined              Security coordination            Organization process focus       Security concept
   (work the plan)      External coordination            Organization process definition  Security verification
                        Inter-group coordination         Training program                 Evidence management
                        Integrated project management                                     Peer reviews

2. Repeatable           Requirements management                                           Security requirements
   (plan the work)      Project planning                                                  Security design
                        Project tracking and oversight                                    Security implementation
                        Subcontract management
                        Quality assurance
                        Configuration management

1. Initial              Ad hoc processes                 Ad hoc processes                 Ad hoc processes
   (work and work)

a. John Egan, "IS Threats to Software Intensive Systems," Software Technology Conference, April 27 to
May 2, 1997.


Memo:  How  to  clean  the  cat 

1.  Thoroughly  clean  the  toilet. 

2.  Add  the  required  amount  of  shampoo  to  the  toilet  water,  and  have  both  lids  lifted. 

3.  Obtain  the  cat  and  soothe  him  while  you  carry  him  towards  the  bathroom. 

4. In one smooth movement, put the cat in the toilet and close both lids (you may need
to stand on the lid so that he cannot escape). CAUTION: Do not get any part of your body
too close to the edge, as his paws will be reaching out for anything he can find.

5.  Flush  the  toilet  three  or  four  times.  This  provides  a  "power  wash  and  rinse"  which  I 
have  found  to  be  quite  effective. 


6. Have someone open the door to the outside and ensure that there are no people
between the toilet and the outside door.

7. Stand behind the toilet as far as you can, and quickly lift both lids.

8. The now-clean cat will rocket out of the toilet, and run outside where he will dry
himself.

Sincerely, The DOG. (Internet e-mail joke.)

http://wp.netscape.com/security/techbriefs/ssl.html
http://developer.netscape.com/tech/security/ssl/howitworks.html

Selection Interaction—see Threats to Acceptance

A threat to acceptance of evaluation results that says the particular selection of cases
led to these results and that if another set of cases were used, the results could have been
very different (IRMC Measuring Results of Organizational Performance Course).

As  one  of  my  favorite  professors  once  said,  "The  best  students  are  those  who  never 
quite  believe  their  professors."  And  "One  ought  not  to  reject  the  data  merely  because  one 
does  not  like  what  the  data  implies."  (Jim  Collins,  Good  to  Great,  Harper  Business,  New 
York,  2001,  p.  16.) 

Selective Perception, Frame Blindness, and Confirmation Bias—see Framing

Process  whereby  a  person  only  sees  things  that  he  or  she  expects  or  that  confirm  his  or 
her  hypothesis  or  viewpoint  and  does  not  see  what  is  unexpected  or  contradicts  his  or  her 
hypothesis  or  viewpoint.  Generally,  this  is  considered  an  unconscious  process,  but  it  can 
also be a conscious one. It parallels a debate in which one promotes one's position while
ignoring the opposite position. Similarly, a news report might not include any literal
untruths,  but  its  import  or  impact  could  be  misleading  by  ignoring  conflicting  or 
additional  (statistical)  information  or  knowledge.  Con  artists  use  such  techniques  in 
performing  fraudulent  schemes.  Such  presentations,  if  not  inadvertent,  can  be  considered 
to  be  second-order  prevarications.  (Literal  untruths  are  first-order  prevarications.)  Many 
instances  of  selective  perception  are  unintentional  and  may  be  created  through  lack  of 
training  or  experience.  For  instance,  new  implementers  of  KM  may  overemphasize  the 
technical  aspects  (or  the  human  aspects)  giving  an  unbalanced  view  of  KM.  Such  a  lack  of 
balance  can  result  in  unsuccessful  implementations  of  KM  or  any  other  endeavor. 
Integrated  product  teams  help  to  offset  selective  perception  by  employing  a  diverse 
group  of  people  with  very  different  perspectives  and  even  values.  The  12-person  jury 
system  in  the  United  States  is  another  attempt  to  short-circuit  this  potential  problem. 
Imposition  of  Circular  A-76  creates  a  significant  emotional  experience  that  can  force  a 
change  in  framing  and  selective  perception.  Notable  examples  of  selective  perception  et 
al.  include:  "Heavier-than-air  flying  machines  are  impossible"  (Lord  Kelvin,  president  of 
the  British  Royal  Society,  c.  1895),  "Reagan  doesn't  have  the  presidential  look"  (United 
Artists  Executive,  dismissing  Reagan  as  a  candidate  star  for  the  movie  "The  Best  Man"  in 
1964),  "A  severe  depression  like  that  of  1920-1921  is  outside  the  range  of  probability" 
(Harvard Economic Society Weekly Letter, November 16, 1929), "They couldn't hit an
elephant at this dist—" (last words of Union Army General John Sedgwick during the
Battle of Spotsylvania, 1864) from J. Edward Russo and Paul J. H. Schoemaker's Decision
Traps (Simon & Schuster, 1990). Usage of output versus outcome measures is a form of
frame blindness. People's reluctance to admit mistakes makes them vulnerable to
confirmation bias and related phenomena (IRMC Leadership for the 21st Century Course).

People tend to see what they want to see. Out of a mass of detailed information they
tend  to  pick  out  and  focus  on  those  facts  that  confirm  their  prior  perceptions  and  to 
disregard  or  misinterpret  those  that  call  their  perceptions  into  question.  (Robert  Fisher  and 
William  Ury,  Getting  to  Yes,  Bruce  Patton,  Ed.,  Penguin  Books,  New  York,  1981,  p.  23.) 

Semantic  Analysis  (Semiotics) 

The  analysis  of  meaning  in  text.  Software  programs  that  analyze  documents  by 
identifying  concepts  and  their  relative  importance  to  the  subject  of  the  document  and  to 
each  other.  These  utilities  can  form  the  basis  for  accurate  search  and  knowledge 
discovery.  Presently,  however,  they  are  statistical  in  nature  and  are  not  capable  of 
producing meaning by themselves. They do, however, suggest possibilities to human
analysts.  Meaning  creation  is  context  based  and  inherent  in  converting  information  into 
knowledge.  Often,  considerable  tacit  knowledge  is  required  to  accurately  perform  such 
conversions.  Software  does  not  contain  tacit  knowledge — once  tacit  knowledge  is  codified 
it  has  been  converted  to  explicit  knowledge. 

Things are not always what they seem. (Phaedrus, c.8 A.D., Fables, Book IV, Fable 2, 1.5,
Familiar Quotations by John Bartlett, Little, Brown & Co., Boston, 1968, p. 129.)

http://carbon.cudenver.edu/~mryder/itc_data/semiotics.html
http://academic.brooklyn.cuny.edu/soc/semiotics/.

General Semantics (GS):

http://www.kcmetro.cc.mo.us/pennvalley/biology/lewis/gs.htm; "The word is not the
thing, the map is not the territory" http://www.esgs.org/uk/gshome.htm,
http://www.generalsemantics.org/, http://www.general-semantics.org/.

Semantic  Differential  Scale — see  Central  Tendency 

A  scale  represented  by  opposing  pairs  of  words  or  phrases  separated  by  typically 
seven  scale  points  (IRMC  Measuring  Results  of  Organizational  Performance  Course). 

Letting something remain good when it can become great—is a secular sin. (Jim Collins,
Good to Great, Harper Business, New York, 2001, p. 161.)

Senior Privacy Officer (SPO)—see Confidentiality, Integrity, Availability,
Nonrepudiation,  and  Authentication  (CIANA),  CXO 

The senior government official responsible for formulating, developing,
implementing, and promoting effective privacy protection strategies and programs to
ensure the highest degree of public confidence in the organization's integrity, efficiency,
and fairness (Glossary of IM/IT & KM Terms). The SPO is comparable to some commercial
organizations' chief privacy officers. Following the initial entry of government offices into
the Internet via a multiplicity of Web sites and pages, policy was formulated to better
protect the privacy of government employees as well as the enterprise. For instance,
sensitive but unclassified information should not be made public. Information security
audits (e.g., the General Accounting Office audit of the Department of State in 1998) have
indicated that additional attention needs be paid to information privacy, in accordance
with information security and CIANA principles.

Anyone  who  follows  a  middle  course  is  called  a  sage.  (Maimonides,  in  3,500  Good 
Quotes  for  Speakers,  Gerald  F.  Lieberman,  Ed.,  Doubleday,  Garden  City,  NY,  1983,  p.  272.) 

Sensitive  But  Unclassified  (SBU) 

Formerly  identified  as  for  official  use  only  (FOUO),  SBU  identifies  information  that 
does  not  receive  a  security  classification  (e.g.,  confidential)  but  is  considered  sensitive 
(e.g., government proprietary or private). The Computer Security Act of 1987 (P.L.
100-235) defines sensitive information as: "any information, the loss, misuse, or unauthorized
access  to  or  modification  of  which  could  adversely  affect  the  national  interest  or  the 
conduct  of  federal  programs,  or  the  privacy  to  which  individuals  are  entitled"  under  the 
Privacy  Act  of  1974,  as  amended.  The  Privacy  Act  requires  federal  agencies  to  keep 
personal  information  about  individuals  "confidential."  It  is  not,  however,  referring  to  the 
Department  of  Defense  security  classification  (IRMC  Managing  Networked  Security  in  a 
Networked  Environment  Course). 

I've read some of your modern free verse and wonder who set it free. (John Barrymore,
in 3,500 Good Quotes for Speakers, Gerald F. Lieberman, Ed., Doubleday, Garden City, NY,
1983, p. 182.)

Service  Level  Agreement  (SLA) 

A  contractual  vehicle  between  a  service  provider  and  a  customer  that  specifies 
performance  requirements,  measures  of  effectiveness,  reporting,  cost,  and  recourse.  They 
usually  include  specified  repair  turnaround  times  for  users.  Seat  management  contracts 
such as the Navy/Marine Corps Intranet (NMCI) rely heavily upon SLAs. Individual
activities  (e.g.,  military  bases)  specify  how  many  of  each  optional  functionalities  and 
service  support  levels  they  wish  to  have — with  the  corresponding  costs  associated  with 
these  levels.  This  enables  users  to  tailor  the  contract  to  their  needs.  Initially,  NMCI  had 
three  basic  performance  levels,  several  different  configurations  (portable  and 
nonportable),  and  three  different  repair  levels.  However,  the  contractor  is  also  required  to 
maintain  performance  levels  relative  to  industry  standards  over  time  (i.e.,  technology 
refreshed). 

The  only  way  to  deliver  to  the  people  who  are  achieving  is  to  not  burden  them  with  the 
people who are not achieving. (Jim Collins, Good to Great, Harper Business, New York, 2001,
p. 53.)

Services — see  Components  and  Departments 

1)  The  four  military  services — Army,  Air  Force,  Marine  Corps,  and  Navy — within  the 
Department  of  Defense:  USA,  USAF,  USMC,  and  USN. 

2)  The  seven  uniformed  services  of  the  United  States  Government  (USG)  such  as  the 
U.S.  Coast  Guard  (USCG).  The  USCG  (though  part  of  the  Department  of  Transportation 
in  time  of  peace)  becomes  a  part  of  the  USN  in  time  of  war. 

3)  Useful  labor  that  does  not  produce  a  tangible  commodity. 

4) Performing any of the business functions auxiliary to production or distribution
(Webster's  New  Collegiate  Dictionary,  1976). 


In their own eyes, their very identities are enmeshed with their sense of the
organization. (Stephen Denning, The Springboard, Butterworth-Heinemann, Boston, 2001,
p. 13.)

Shared  Data  Engineering  (ShaDE) 

A  strategy  identifying  how  to  share  data  resources  at  the  application  level.  It  promotes 
interoperability  by  merging  data  administration  and  database  administration  disciplines. 
Data  element  standards  are  designed  and  engineered  for  reuse  and  easy  downloading  by 
users  in  reference  data  sets  (RDS).  Data  and  domain  values  are  also  included  (IRMC 
Advanced  Information  System  Acquisition  Course). 


33. Space is a completely unforgiving environment. If you screw up the engineering,
somebody dies (and there's no partial credit because most of the analysis was right. . . ).
(David Akin, professor, University of Maryland, "Akin's Laws of Spacecraft Design"
[received via Internet e-mail] and confirmed by Dr. Akin dakin@umd.edu or
DAKIN@SSL.UMD.EDU. See
http://spacecraft.ssl.umd.edu/academics/akins_laws.html.)


[Author's  Note:  Remember  the  bombing  of  the  Chinese  Embassy.] 

Shukko 

In  Japan,  many  companies  employ  the  practice  of  "shukko,"  wherein  a  company  will 
loan  an  employee  to  a  supplier  or  vice  versa  for  either  a  short  or  long  term.  For  short-term 
assignments,  the  loaning  company  pays  the  bill;  for  long-term  ones,  the  two  firms  split  the 
costs. 

The  people  of  each  firm  immerse  themselves  in  the  routines  of  the  other,  thereby 
gaining  access  to  the  partner's  stock  of  tacit  knowledge.  A  clear  benefit  is  that  learning 
takes  place  without  the  need  first  to  convert  tacit  knowledge  to  explicit  knowledge.  This 
saves  time  and  resources  and  better  preserves  the  original  knowledge  base  . . .  Engineers 
employed  by  a  "parent"  assembler  such  as  Toyota  will  work  for  sustained  periods  on  the 
floor  of  a  supplier  in  order  to  assist  it  in  meeting  Toyota's  stringent  standards  of  quality 
and  schedule  of  price  reductions.  Conversely,  a  supplier  of  key  components  on  whom 
Toyota  depends  (such  as  Denso  or  Toshiba  for  automotive  electronics)  will  locate  its 
people  at  Toyota  to  ensure  that  components  are  designed  and  produced  to  Toyota's 
specifications.

Practice  is  the  best  of  all  instructors.  (Publilius  Syrus,  first  century  B.C.,  Maxim  439, 
from  Familiar  Quotations  by  John  Bartlett,  Little,  Brown  &  Co.,  Boston,  1968,  p.  125.) 

Simple  Object  Access  Protocol  (SOAP) 

Provides a way for applications to communicate with each other over the Internet,
independent of platform. SOAP relies on extensible markup language (XML) to define the
format of the information and then adds the necessary hypertext transfer protocol (HTTP)
headers to send it (Glossary of IM/IT & KM Terms).

I had an aunt in Yucatan
Who bought a Python from a man
And kept it for a pet
She died, because she never knew
These simple little rules and few; —
The Snake is living yet.

(Hilaire  Belloc,  1870-1953,  The  Python,  from  The  Oxford  Dictionary  of  Quotations,  Oxford 
University  Press,  New  York,  1980,  p.  40,  No.  4.) 

Simplified  Acquisition  Procedures — see  Micro  Purchases 

Government  purchases  from  small  businesses  between  $2,500  and  $100,000,  for  which 
electronic commerce is the preferred means. Micro purchases are under $2,500.

Small Business Administration: http://www.SBAonline.SBA.gov.

Strike  whilst  the  iron  is  hot.  (Rabelais  [1534  A.D.],  book  II  from  Familiar  Quotations  by 
John  Bartlett,  Little,  Brown  &  Co.,  Boston,  1968,  p.  125.) 

Simulation — see  Model  and  Pilot  Project 

A  method  in  which  a  target  process  is  artificially  created  through  analogy.  A  typical 
implementation is to approximate a proposed process/product via computer software
(there  are  specific  tools  and  languages  for  such  purposes).  Various  combinations  of 
circumstances  and  variables  can  then  be  run  through  the  computer  simulation  to  compare 
and  contrast  the  results.  The  value  of  the  simulation  depends  upon  how  closely  it  models 
or  depicts  reality.  Like  any  other  analogy  or  metaphor,  no  simulation  is  perfect.  However, 
simulations  can  provide  significant  information  relatively  quickly  and  inexpensively  in 
many cases. Per Arie de Geus ("Planning as Learning," Harvard Business Review, 1988,
88202 March-April), "One characteristic of play, as the Tavistock Institute in London has
shown, is the presence of a transitional object. For the person playing, the transitional
object is a representation of the real world. A child who is playing with a doll learns a
great deal about the real world at a very fast pace" (IRMC Leadership for the 21st Century
Course), http://www.disa.mil/ (IRMC Critical Information Systems Technologies
Course).


http://www.marketplace-simulation.com/
http://www.simulearn.net/?source=overture simulations
http://www.inodel.com/?v=2057.32&p=7298793&s=4.859952fec=hdl overture kevwo rd.gjf
http://www.microsoft.com/games/
http://www.uchsc.edu/sm/chs/
http://www.disa.mil/coe/aog twg/twg/coptwg/DIlCOEMSTRSBrieK^l nnt
tion=disa&SortField=Score&SortOrdei-Desc& DISA POC: carr@mitre.org.


So  geographers,  in  Afric  maps 
With  savage  pictures  fill  their  gaps. 

And  o’er  unhabitable  downs 
Place  elephants  for  want  of  towns. 

(Jonathan  Swift,  On  Poetry,  A  Rhapsody,  1733,  from  Familiar  Quotations  by  John  Bartlett, 
Little,  Brown  &  Co.,  Boston,  1968,  p.  136a.) 


Single  Point  Of  Failure  (SPOF) 

A  vulnerable  point  in  a  system  for  which  there  is  no  adequate  backup  or  fallback 
position;  a  failure  there  results  in  failure  of  the  entire  system.  An  SPOF  is  a  weak  link  in 
the  continuity  of  operations  chain.  SPOFs  are  addressed  in  risk  management.  However, 
SPOFs  are  not  always  mitigated  since  some  have  inherently  low  probabilities  of  failure 
(MTBF).  The  risk  of  failure  must  be  balanced  against  the  effect  of  a  failure.  Thus,  there  is  a 
mathematically  calculable  probability  that  all  the  air  in  a  room  will  coalesce  in  one  corner 
and  the  people  in  the  room  will  asphyxiate.  This  probability  is  so  low,  however,  that  no 
one  (amongst  the  sane)  takes  precautions  against  it.  Nevertheless,  SPOFs  are  the  first 
factors  to  consider  when  attempting  to  increase  system  availability  or  continuity. 

It must not be supposed that the conference table possesses the magic property of
generating wisdom when rubbed simultaneously by a dozen pairs of elbows. (William E.
Utterback, Group Thinking and Conference Leadership.)


Situational  Leadership 

A model and interactive process for supervision of employees developed by Zigarmi
and Blanchard. The current model is called "Situational Leadership II." It is characterized
by four supervisory styles appropriate for four employee developmental levels—but with
strategies for emergency circumstances as well. It predicates that a new employee's needs
change as the employee grows in capabilities such that need for direction decreases over
time, but the need for support rises and then falls over time (normally distributed). See
my Acquisition Review Quarterly article comparing and contrasting Jaques and Blanchard:
http://www.dsmc.dsm.mil/pubs/arq/2000arq/pollock.pdf.

When  we  speak  to  other  people  with  an  intention  or  an  identification  in  our  mind  as  to 
who  they  are  or  what  they  should  be  doing,  that  essentially  closes  the  frame  of  the 
possibilities  of  what  they  can  become.  (James  Low,  Simply  Being,  Vajra  Press,  London  1994, 
p.  143.) 

To be an effective managerial leader a person must really value the opportunity to work
with subordinates and value being able to unleash their enthusiastic and effective
collaboration. (Elliott Jaques and Stephen D. Clement, Executive Leadership, Cason Hall &
Co., Arlington, VA, 1991, p. 72.)

Effective performance can be hindered or disrupted by emotional disturbance, lack of
motivation, social alienation, family economic distress, or lack of support. (Elliott Jaques,
Creativity and Work, International Universities Press Inc., Madison, CT, 1990, p. 122.)

Managers have to switch from supervisors to facilitators, enablers, and developers of
people  and  their  skills.  Process  teams  don't  need  bosses,  they  need  coaches: 

Managing  is  a  particular  skill  ...  there  is  little  correlation  between  excelling  in  a  work 
skill  and  being  a  good  manager.  (Michael  Hammer  and  James  Champy,  Reengineering  the 
Corporation,  Harper  Business,  New  York,  1993,  p.  77.) 

Small  Computer  Systems  Interface  (SCSI) 

Disk  drive  interface  that  serves  personal  computers  and  servers  at  20-40  Mbps.  May 
be  replaced  by  fiber  channel  interfaces  between  servers  and  clustered  storage  devices, 
since  they  are  six  times  faster  than  SCSI  (IRMC  Data  Management  Strategies  and 
Technologies  Course). 


Every dogma has its day. (Israel Zangwill, in 3,500 Good Quotes for Speakers, Gerald F.
Lieberman, Ed., Doubleday, Garden City, NY, 1983, p. 202.)

Smart Card — see Common Access Cards; http://www.c3i.osd.mil/org/cio/index.html
(IRMC Critical Information Systems Technologies Course)
http://www.c3i.osd.mil/org/do/smartcard.pdf

A  credit-card-size  device,  normally  for  use  by  personnel,  that  contains  one  or  more 
integrated  circuits  and  may  also  employ  one  or  more  of  the  following  technologies: 
magnetic  stripe;  bar  codes,  linear  or  two-dimensional;  noncontact  and  radio  frequency 
transmitters;  biometric  information;  encryption,  and  authentication;  and  photo 
identification  (Glossary  of  IM/IT  &  KM  Terms).  The  Navy  is  presently  implementing 
common  access  cards  (or  CACs,  a  form  of  smart  card)  to  support  the  Navy/Marine  Corps 
Intranet  and  standardize  identification  across  the  department.  The  CAC  is  intended  to 
serve  both  as  physical  security  or  building  access  identification  as  well  as  electronic 
identification  (via  embedded  digital  signature  and,  in  future,  biometric  information). 
Individual  computers  will  need  to  include  smart  card  readers  (also  called  card  acceptance 
devices  or  CADs)  in  order  to  implement  this  technology  if  "contact"  cards  are  used. 
Contactless  cards  use  radio  frequency  signals  (wireless  technology).  Optical  cards  use 
lasers for read/write. When used as authentication, smart cards function as "tokens."
Smart cards use the chip operating system. They presently range from $2 to $10 each.
Vendors generally guarantee about 10,000 read/write cycles per card. Storage capacity of
the  EEPROM  (electronically  erasable,  programmable  read-only  memory)  ranges  from 
8,000  to  128,000  bits.  One  thousand  bits  is  approximately  equal  to  a  sentence  of  text  (or 
128  bytes).  Smart  cards  are  protected  by  encryption.  ISO  7618  limits  smart  cards  to  a 
9,600-baud  transmission  rate.  Controllers  can  vary  from  8  to  32  bits  running  at  25-32  MHz 
(IRMC Managing Networked Security in a Networked Environment Course)
http://www.smartcard.gov/tutorial/smartcard foyer.htm. The Departments of
Treasury  (DoT)  and  Defense  are  expanding  the  use  of  stored  value  cards  to  replace  cash 
and  paper  payroll  systems  for  military  personnel.  DoT  has  become  the  world's  largest 
issuer  of  smart  cards.  The  stored  value  program  has  exceeded  $80  million  in  transfers  for 
3M  transactions  on  375,000  smart  cards.  They  were  used  extensively  in  Bosnia  and 
supporting  bases  in  Hungary  (Leadership  for  the  New  Millennium:  Delivering  On  Digital 
Progress and Prosperity, 3rd annual report of the U.S. Government Working Group on
Electronic Commerce).

He  who  hesitates  is  a  damned  fool.  (Mae  West,  Leo  Rosten's  Carnival  of  Wit,  E.  P.  Dutton 
&  Co.,  New  York,  1994,  p.  341.) 

Smart  Card  Senior  Coordinating  Group  (SCSCG) 

A governing body established by the DoD to develop and implement department-wide
interoperability standards for use of smart card technology and a plan to exploit
smart card technology as a means for enhancing readiness and improving business
processes. This group reports to the Department of Defense Chief Information Officer
(Glossary of IM/IT & KM Terms).

You see things and say "Why?" But I dream things that never were; and I say "Why
not?" (George Bernard Shaw [often repeated by Robert F. Kennedy], Leo Rosten's Carnival of
Wit, E. P. Dutton & Co., New York, 1994, p. 445.)

Sneaker  Net 

Transfer  of  electronic  information  by  people  physically  moving  electronic  media 
between  computers.  Most  frequently  this  refers  to  someone  transferring  a  file  to  a  floppy 
disk  (or  read-write  CD  or  zip  disk),  walking  it  over  to  another  computer,  and  loading  the 
media  into  the  second  computer.  This  process  has  often  been  done  in  order  to  provide  an 
"interface"  without  physically  interfacing  the  computers  in  question.  However,  it  can 
pose  a  security  risk  and  make  systems  vulnerable  to  viruses  and  other  malware  as  well  as 
social  engineering  attacks. 

It  is  just  as  important  to  know  when  to  let  go  of  an  old  idea  as  it  is  to  know  when  and 
how  to  accept  a  new  one.  Refusing  to  give  up  a  weak,  resentful,  or  outmoded  idea  is  a 
common  cause  of  failure.  Did  you  ever  see  a  sailor  climbing  a  rope  hand  over  hand?  He  lets 
go  with  one  hand  in  order  to  reach  up  and  take  a  higher  hold  on  the  rope.  He  climbs  by 
letting  go  of  the  old  handholds  and  grasping  new  ones.  You  and  I  can  climb  spiritually  by 
the  same  process,  letting  go  of  old  ideas  by  denial  and  grasping  new  and  higher  ones  by 
affirmation.  (Lowell  Fillmore,  Weekly  Union,  quoted  by  Jacob  Braude  in  New  Treasury  of 
Stories for Every Speaking and Writing Occasion, Prentice Hall Inc., Englewood Cliffs, NJ, June
1961,  p.  312.) 

Social  Capital 

The  value  resulting  from  the  interactions  of  people  across  networks  built  on 
relationships.  A  pictorial  view  can  be  made  via  social  network  analysis.  Statistical  means 
can  provide  insight  into  the  distribution  of  social  capital  within  an  organization. 
Connectors  are  high-value  nodes  in  a  social  network;  they  have  very  high  social  capital. 
Social  capital  is  generally  considered  to  be  a  part  of  intellectual  capital  (along  with  human 
and  corporate  capital).  It  is  difficult  to  measure  and  is  often,  therefore,  undervalued 
within  an  organization.  Some  organizations  have  eliminated  connectors  during 
downsizing  with  devastating  effect,  especially  in  the  long  term.  Social  capital  responds  to 
varying  environmental  and  cultural  conditions.  Some  companies  have  successfully 
increased  social  capital  through  physical  building  designs  and  tacit  or  explicit  support  by 
upper  management  (cf.  In  Good  Company  by  Don  Cohen  and  Laurence  Prusak). 
Knowledge networks and communities of practice can also positively affect an
organization's social capital. Surprising to the researchers themselves, a study has shown
that  a  new  chief  executive  officer  can  have  an  immediate  and  profound  effect  upon  the 
entire  organization. 

Have  you  heard  the  story  of  the  lady  who,  when  shopping,  was  tempted  to  buy  a 
pound  of  tomatoes  from  a  barrow  boy?  When  she  had  walked  a  few  yards  she  stopped, 
examined  her  change,  and  concluded  that  the  vendor  had  given  her  a  shilling  too  much.  So 
she  went  back  and  told  him.  "You're  right,  ma'am,"  declared  the  barrow  boy,  pocketing  the 
shilling. "Here, just give us hold of that there bag for a minute." To the lady's surprise he
opened the bag, picked out a bad tomato, and put a good one in its place. "You was honest
with me, ma'am," he replied, seeing her questioning glance, "and I'll be honest with you."
(H. L. Gee, 500 Tales to Tell Again, Epworth Press, London, quoted by Jacob Braude in New
Treasury of Stories for Every Speaking and Writing Occasion, Prentice Hall Inc., Englewood
Cliffs, NJ, June 1961, p. 190.)

Social  Engineering 

Types  of  hack  attacks  that  employ  social  or  human  approaches  (as  opposed  to  more 
technological  approaches).  Since  most  users  will  provide  information  asked  for  by 
standard  windows  on  their  screens,  hackers  can  insert  windows  into  attacked  sites  (e.g., 
via  JavaScript)  to  obtain  user  passwords,  etc.  Even  simpler,  social  engineers  can  go 
through  trash  bins  to  look  for  passwords  or  other  information  that  can  help  them  enter  a 
system. The famous hacker Mitnick obtained logon rights by calling unsuspecting
personnel  and  conning  them  into  providing  system  access  by  claiming  he  was  a  new 
employee  or  by  some  other  ruse.  People  who  break  into  systems  in  order  to  promote 
some  kind  of  ideological  agenda  are  called  hacktivists. 

When everyone is responsible, ultimately no one is responsible. (Dave Marinaccio, All I
Really Need to Know I Learned from Watching Star Trek, Crown Publishing, New York, 1994,
p. 52.)

Social  Network  Analysis  (SNA) 

A  technique  used  to  analyze  a  network  (generally  an  organization  or  enterprise)  to 
ascertain  the  nature  and  characteristics  of  the  communications  presently  taking  place 
within  the  organization.  It  usually  results  in  a  pictorial  mapping  of  organizational 
relationships  and  flows  showing  its  major  operational  links  (channels)  and  nodes,  thus 
revealing  informal  organizational  effects.  It  can  also  reveal  important  information 
regarding  individuals'  and  subunits'  importance  to  organizational  communications.  This 
tool  can  be  a  very  powerful  and  practical  one  for  chief  information  or  chief  knowledge 
officers.  Connectors  are  readily  identified  via  SNA.  It  may  also  provide  some  insight  into 
the  identification  of  mavens. 

Nature  has  given  to  men  one  tongue,  but  two  ears,  that  we  may  hear  from  others  twice 
as  much  as  we  speak.  (Epictetus,  quoted  by  Jacob  Braude  in  New  Treasury  of  Stories  for  Every 
Speaking  and  Writing  Occasion,  Prentice  Hall  Inc.,  Englewood  Cliffs,  NJ,  June  1961,  p.  217.) 
Software (S/W) — see Object-Oriented Programming, Capability Maturity Model (CMM)

A  series  of  computer  instructions  that  performs  a  particular  task  is  called  a  "program." 
Software  is  one  medium  for  programs.  The  two  major  categories  of  software  are  "system 
software"  and  "application  software."  System  software  includes  the  operating  system  and 
all  the  utilities  that  enable  the  computer  to  function.  Application  software  includes 
programs  that  do  real  work  for  users.  For  example,  word  processors,  spreadsheets,  and 
database management systems fall under the category of applications software (adapted
from Glossary of IM/IT & KM Terms). Software is an executable form of information. It is
executed  by  a  processor  chip  (e.g.,  Intel  Pentium)  and  runs  on  random  access  memory 
(RAM).  It  is  differentiated  from  firmware  which  is  also  programmable  (micro-code)  but 
which  runs  off  of  read-only  memory  (ROM),  such  as  the  BIOS  chip,  which  boots  up 
computers,  and  from  hardware  (the  touchable  components  including  mouse,  keyboard, 
screen, and central processor unit (CPU)). Programs, thus, can be created in any of the
three  media  (hardware,  firmware,  or  software)  in  increasing  levels  of  adaptability. 
Hardware  and  firmware  programs  have  been  used  when  speed  is  essential  and  flexibility 
is  not.  Programs  are  mostly  software  today  since  processor  and  memory  speeds  have 
increased  spectacularly  and  costs  have  dropped  dramatically.  Further,  the  present  speed 
of  technological  advance  and  resulting  acquisition  reform  initiatives  encouraging  use  of 
contractor  off-the-shelf  software  and  hardware  tend  to  preclude  hardware  and  firmware 
solutions. Some tools have been developed to facilitate improved software development.

The  Software  Engineering  Institute  (a  FFRDC)  of  Carnegie  Mellon  University  (CMU) 
developed  the  software  CMM  to  improve  software  consistency.  There  are  five  CMM 
levels,  from  no  repeatability  (CMM  level  1)  to  very  repeatable  (CMM  level  5).  Some 
organizations  have  attempted  to  require  CMM  level  3.  Precious  few  organizations  have 
achieved  level  5.  SEI  has  also  developed  similar  models  for  software  management  and 
related  disciplines.  The  CMM  does  not  guarantee  any  level  of  software  quality,  despite 
comparisons  between  CMM  level  3  and  ISO  9000/1.  This  parallels  measurement  theory, 
where  something  can  be  reliable  (CMM)  without  being  valid  (quality).  Computer-aided 
software  engineering  (CASE)  tools  have  also  been  developed  to  assist  programmers  to 
create  better  programs  easier.  I-CASE  is  an  integrated  set  of  such  tools  aimed  at 
generating  code  from  specifications  via  a  complete  software  environment.  CASE  builds 
upon computer-aided design (CAD). See
http://osiris.sunderland.ac.uk/rif/metacase/metacase.home.html
(IRMC New World of the CIO Course). For more information on the
SEI CMM, see http://www.sei.cmu.edu/products/courses/intro/intro.cmm.html and
Richard Kuzara's "SEI Capability Maturity Model's Impact on Contractors"
(COMPUTER, IEEE Computer Society, January 1995) (IRMC Advanced Information
System Acquisition Course). See the Department of the Navy's Joint Logistics
Commanders' Joint Group on Systems Engineering's Practical Software Measurement
(version 2.1, March 1996); Christensen and Ferens' "Using Earned Value for Performance
Measurement on Software Development Projects" (Acquisition Review Quarterly, 1995,
Spring, pp. 155-169, http://www.dau.mil/pubs/arq/arq95.asp); http://ricis.d.uh.edu/;
(IRMC Measuring Results of Organizational Performance Course).
http://members.aol.com/lpangvb3/soft.htm (IRMC Critical Information Systems
Technologies Course).




Software Capability Maturity Model [a]

| Level | Focus | Key Process Areas (KPAs) |
|---|---|---|
| 5. Optimizing | Continuous process improvement | Defect prevention; Organization process innovation; Organization improvement deployment |
| 4. Quantitatively managed | Product and process quality | Statistical process management; Organization product alignment; Organization process performance |
| 3. Defined | Software acquisition processes and organizational support | Organization process focus; Organization process definition; Organization training program; Integrated software management; Software product engineering; Intergroup coordination; Peer reviews |
| 2. Repeatable | Project management processes | Requirements management; Software project planning; Software project tracking and oversight; Software supplier management; Software quality assurance (QA); Software configuration management (CM) |
| 1. (Initial) | Competent people and heroics | None |

a. From Software CMM (SW-CMM version 2.0, draft B) (IRMC Advanced Software Acquisition
Management Course).


Also, see "Software's Chronic Crisis" by W. Gibbs (Scientific American, 1994,
September, pp. 86-95); IEEE/EIA 12207 Standard for Software Life Cycle Processes or
https://www.sciamarchive.com/html/ppv frames.asp, Robert Glass' "The Software
Crisis Is It a Matter of Guts Management?" See also Software Management (Donald
Reifer, 1993), Druffel and Heilmeier's "Report of the DSB Task Force on Acquiring
Defense Software Commercially" (Crosstalk, 1994, Vol. 7, No. 12, December), Tom
DeMarco's Why Does Software Cost So Much? (Dorset House, 1995) and Edward Yourdon's
classics: Decline and Fall of the American Programmer (Prentice Hall, Inc., 1993) and Rise and
Resurrection of the American Programmer (Prentice Hall, Inc., 1996). Software productivity
for top programmers is 22 times as great as for worst programmers. A 1990 study of
software acquisition in a large federal organization revealed that only 1.5 percent of
software was used as delivered; only 3 percent was used after modification; 19 percent
was used but abandoned within 2 years; 29 percent never met contract requirements; 47.5
percent was delivered but never used. Of commercial software projects, 50 percent were
over schedule; 33 percent were cancelled; and 75 percent were operational failures. The
U.S. Air Force hosts a valuable software technology conference annually in Salt Lake City
and publishes Crosstalk (http://www.stsc.hill.af.mil). Formerly, the Department of
Defense developed software in accordance with DoD-STD-2167A and then MIL-STD-498;
however, with the advent of acquisition reform, ISO/IEC 12207 now provides an
international standard for software life-cycle processes. See "The Mythical Man-Month"
(Fred Brooks, Datamation, 1974, December, pp. 44-52) (IRMC Advanced Software
Acquisition Management Course).

osiris.sunderland.ac.uk/~csOpco/CASE.ppt

http://www.sei.cmu.edu/publications/documents/92.reports/92.tr.015.html
http://www.sei.cmu.edu/legacy/case/case sites.html.

Much—perhaps most—behavior in the world is not very rational. (Robert Fisher and
William  Ury,  Getting  to  Yes,  Bruce  Patton,  Ed.,  Penguin  Books,  New  York,  1981,  p.  160.) 


Software Engineering Institute (SEI), http://www.sei.cmu.edu/

SEI is a federally funded research and development center run by Carnegie Mellon
University for the Department of Defense. SEI created the original capability maturity
model (and some additional ones).

SEI Software Technology: http://www.sei.cmu.edu/engineering/technology.html.

Flattery is all right if you don't inhale. (Adlai Stevenson, Leo Rosten's Carnival of Wit, E.
P. Dutton & Co., New York, 1994, p. 181.)

Software  Quality — see  Quality 

RADC Software Quality Factors [a]

| Quality Factor | Definition | Candidate Metric |
|---|---|---|
| Correctness | Extent to which the software conforms to specifications and standards | Defects / LOC |
| Efficiency | Relative extent to which a resource is utilized (i.e., storage, space, processing time, communication time) | Actual resource utilization / Allocated resource utilization |
| Expandability | Relative effort to increase software capability or performance by enhancing current functions or by adding new functions or data | Effort to expand / Effort to develop |
| Flexibility | Ease of effort for changing software missions, functions, or data to satisfy other requirements | (0.05)(average labor days to change) |
| Integrity | Extent to which the software will perform without failure due to unauthorized access to the code or data | Defects / LOC |
| Interoperability | Relative effort to couple the software of one system to the software of another | Effort to couple / Effort to develop |
| Maintainability | Ease of effort for locating and fixing a software failure within a specified time period | (0.1)(average labor days to fix) |
| Portability | Relative effort to transport the software for use in another environment (hardware configuration, and/or software system environment) | Effort to transport / Effort to develop |
| Reliability | Extent to which the software will perform without any failures within a specified time period | Defects / LOC |
| Reusability | Relative effort to convert a software component for use in another application | Effort to convert / Effort to develop |
| Survivability | Extent to which the software will perform and support critical functions without failure within a specified time period when a portion of the system is inoperable | Defects / LOC |
| Usability | Relative effort for using software (training and operation — e.g., familiarization, input preparation, execution, output interpretation) | Labor days to use / Labor years to develop |
| Verifiability | Relative effort to verify the specified software operation and performance | Effort to verify / Effort to develop |

a. From IRMC Advanced Information System Acquisition Course.


What  is  experienced  as  psychic  effort  in  work — the  intensity  or  weight  of 
responsibility  is  entirely  concerned  with  the  discretionary  content  of  work.  To  conform  to 
rules  and  regulations  and  other  prescribed  aspects  of  work  requires  knowledge;  you  either 
know  or  you  do  not;  but  it  does  not  require  the  psychic  effort  of  discretion  and  decision, 
with its attendant stirring of anxiety. I was able to demonstrate that weight or level of
responsibility  is  objectively  measurable  in  terms  of  the  maximum  spans  of  time  during 
which  discretion  must  be  exercised  by  a  person  on  his  own  account.  The  longer  the  span  of 
time,  the  more  the  unconscious  material  that  must  be  made  conscious,  and  the  longer  must 
uncertainty  about  the  final  outcome  and  the  anxiety  about  one's  judgment  and  discretion  be 
tolerated.  In  short,  the  longer  the  path  toward  gratification  chosen  . . .  the  greater  is  the 
experience of psychic effort or work. (Elliott Jaques, Creativity and Work, International
Universities  Press  Inc.,  Madison,  CT,  1990,  pp.  332-333.) 

Software process improvement: http://www.dacs.dtic.mil/

S/W Engineering Process Office (SEPO): http://sepo.nosc.mil/

Practical Software Measurement: http://www.psmsc.com/

The Broadcast Coordinator at 703-461-0370; SPMNWeb@spmn.com

SPAWAR S/W Project Tools: http://www.spmn.com/download.html

Software Program Manager's (SPMN's) Internet home page: http://www.spmn.com.

Spam  or  Spamming 

Spam  is  unwanted  e-mail  that  an  unscrupulous  seller  sends  out  to  a  great  many  e-mail 
accounts  (without  identifying  particular  buyers).  It  can  overload  a  person's  e-mail  account 
with  salacious  materials  (the  usual  content).  Spamming  is  the  process  of  sending  spam. 
The  spammers  may  include  a  note  promising  to  desist  if  the  recipient  responds  with  a 
request.  Usually,  however,  the  spammer  only  wishes  to  verify  that  the  account  is  active 
since  spammers  obtain  large  lists  of  targets,  many  of  which  are  no  longer  valid.  Thus,  it  is 
recommended that the recipient NOT respond to the spammer. Rather, more
sophisticated e-mail software allows one to filter out the spam from known senders.
Unfortunately, these senders frequently change their addresses so that such filtering is
only partly effective. http://all.net/ (IRMC Critical Information Systems Technologies
Course). 


SPAM information: http://www.ecofuture.org/inkmail.html
http://spam.abuse.net/

SPAM avoidance: http://www.simbelt-.software.com/product.cfm?id=930&affid=overt
http://www.inboxdoctor.com/
http://www.removemenow.com/
http://www.arachnoid.com/lutusp/antispam.html.

Once  in  Persia  reigned  a  king.  Who  upon  his  signet  ring 
Graved  a  maxim  true  and  wise.  Which,  if  held  before  his  eyes 
Gave  him  counsel  at  a  glance  Fit  for  any  change  or  chance; 

Solemn  words,  and  these  are  they:  "Even  this  shall  pass  away." 

(Theodore Tilton, quoted by Chris R. Warnken, Rosicrucian Digest, 1976, Vol. LIV, No.
11, p. 13.)

Spectrum  Management 

The  oversight  of  allocations  and  regulations  governing  the  U.S.  radio  frequency 
spectrum;  this  oversight  balances  the  demands  for  airwave  frequencies  by  commonly 
used  technologies,  such  as  microwaves,  radio  stations,  television,  pager  services,  and 
mobile  phones,  with  the  need  for  airwaves  for  national  defense  (military)  and  public 
safety  (police,  emergency  and  fire).  The  Department  of  Commerce's  National 
Telecommunications  and  Information  Administration  manages  the  U.S.  radio  frequency 
(Glossary of IM/IT & KM Terms). There has been increasing pressure to transfer control of
portions of the Department of Defense's assigned segments over to the private sector for
commercial  purposes. 

Most  of  what  we  call  management  consists  of  making  it  difficult  for  people  to  get  their 
work done. (Peter Drucker, quoted by Karl Albrecht and Ron Zenke in Service America!
Warner Books, New York, 1985, p. 106.)

Spiders — see  Crawlers 

Software  applications  that  index  Web  sites,  e-mail,  or  other  designated  knowledge 
objects  automatically  and  push  the  updated  content  to  requesting  users.  Some  robust 
applications  learn  where  an  organization's  most  valuable  information  is  located,  no 
matter  the  media — e-mail,  documents,  presentations,  etc.  (USA). 

Somewhere,  something  incredible  is  waiting  to  be  known.  (Carl  Sagan,  Leo  Rosten's 
Carnival  of  Wit,  E.  P.  Dutton  &  Co.,  New  York,  1994,  p.  437.) 

Spiral  Model  of  Software  Development 

A  general  methodology  for  developing  software  that  incorporates  a  cyclic  approach 
into its scheduling and implementation. It has replaced the prior waterfall method, in
which  a  one-way  flow  down  is  used.  It  improves  risk  management  and  security  but  may 
not  be  suitable  for  small  projects  and  requires  skilled  risk  analysis  personnel.  Other 
software  methods  include:  incremental  development,  rapid  prototyping,  evolutionary 
acquisition,  and  software  reuse  (IRMC  Advanced  Software  Acquisition  Management 
Course). 


When  one  hears  of  disastrous  schedule  slippages  in  a  project  ...  the  disaster  is  due  to 
termites, not tornadoes. (Fred P. Brooks, The Mythical Man-Month, Addison-Wesley,
Reading,  MA,  1975,  p.  154.) 


Fundamentally,  esoteric  fulfillment  is  never  an  uneventful  progress  along  a  straight 
line.  It  ever  proceeds  in  spirals.  We  return  again  and  again,  apparently  to  where  we  were, 
but  a  little  wiser  on  each  spiral  through  perfectly  mundane  experiences  which  force  the 
truth  of  life  upon  us.  It  is  up  to  the  aspirant  to  achieve  all  he  can  upon  each  spiral  of  the 
way.  (Raymond  Andrea,  "The  Conflict  of  Opposites,"  The  Andrea  Lectures,  Ancient  Mystical 
Order  Rosae  Crucis,  1991,  p.  49.) 


Split-Half  Reliability 

A technique for estimating instrument reliability by comparing the total score from
one  half  of  the  items  to  the  total  score  from  the  other  half — usually,  the  instrument  is 
divided  into  odd  and  even  items  (IRMC  Measuring  Results  of  Organizational 
Performance  Course). 


I  once  heard  a  tale  of  a  man 
who split himself in two.

The  one  part  never  changed  at  all; 
the  other  grew  and  grew. 

The  changeless  part  was  always  true. 

The  growing  part  was  always  new. 

And I wondered, when the tale was through.
which part was me and which was you.

(Orson  Scott  Card,  Children  of  the  Mind,  Tom  Doherty  Books,  New  York,  1996,  p.  351.) 

Stakeholders 

Any  individual,  group,  or  organization  that  can  place  a  claim  on  or  influence  the 
organization's  resources  or  outputs,  is  affected  by  those  outputs,  or  has  an  interest  in  or 
expectation  of  the  organization  (Defense  Information  Systems  Agency  Performance 
Planning  Guidance  for  Fiscal  Year  1998,  p.  F-5).  All  the  people  affected  by  the  design  and 
use  of  an  IT  (or  other)  system  or  application.  Typically  this  superset  includes  many 
subsets such as developers, customers, users, CXOs, financiers, testers, maintainers, and
others.  Such  people  have  a  stake  in  the  success  of  the  product  or  program.  Their  differing 
perspectives,  however,  often  result  in  conflicting  requirements,  value  judgments,  and 
political  stances.  "Where  you  stand  depends  on  where  you  sit." 

The hottest places in Hell are reserved for those who, in a time of great moral crisis,
maintain their neutrality. (Dante, Leo Rosten's Carnival of Wit, E. P. Dutton & Co., New York,
1994, p. 320.)

Standard Deviation (Sigma or σ)

A statistic that is proportional to the amount of variability in a set of scores. If a set of
scores has a normal distribution, approximately 68 percent of the scores will be within one
standard deviation of the mean (IRMC Measuring Results of Organizational
Performance Course). See http://www.dsmc.dsm.mil/pubs/arq/2000arq/pollock.pdf
for  an  extensive  chart  delineating  the  normal  distribution  and  its  standard  deviations. 
Geometrically,  the  standard  deviation  describes  the  width  of  the  particular  normal 
distribution.  The  mean  describes  its  height.  The  two  variables  indicate  that  the  curve  is 
nonlinear  since  linear  functions  have  only  one  independent  variable.  Arithmetically, 
however,  the  standard  deviation  is  an  indication  of  the  dynamic  range  of  the  samples 
comprising  the  distribution. 

All generalizations are dangerous, even this one. (Alexander Dumas, quoted by Jacob
Braude  in  New  Treasury  of  Stories  for  Every  Speaking  and  Writing  Occasion,  Prentice  Hall  Inc., 
Englewood  Cliffs,  NJ,  June  1961,  p.  8.) 

The  ability  to  take  another  person's  argument  seriously  is  the  precondition  for 
civilization. (Carl Jung, quoted by A. Lindley Jr., "Chicago's Analytical Congress,"
Transformation, C. G. Jung Institute of Chicago, 1992, Vol. 23, No. 1, Fall, p. 11.)

Standard  Generalized  Markup  Language  (SGML) 

A  standard  for  how  to  specify  a  document  mark  up  language  or  tag  set.  Such  a 
specification  is  itself  a  document  type  definition.  SGML  is  not  in  itself  a  document 
language, but a description of how to specify one (Glossary of IM/IT & KM Terms). HTML
is built upon, or is an implementation of, SGML.

Travel,  in  the  younger  sort,  is  a  part  of  education;  in  the  elder,  a  part  of  experience.  He 
that  traveleth  into  a  country  before  he  hath  some  entrance  into  the  language,  goeth  to 
school, and not to travel. (Sir Francis Bacon, 1561-1626, "Of Travel," 18, Essays, from The
Oxford  Dictionary  of  Quotations,  Oxford  University  Press,  New  York,  1980,  p.  27,  No.  27.) 

Standardization 

The  process  of  documenting,  reviewing,  and  approving  unique  names,  definitions, 
characteristics,  and  representations  of  knowledge,  information,  and  data  according  to 
established procedures and conventions (DoD 8320.1-M, Data Administration Procedures)
(IRMC Data Management Strategies and Technologies Course). Standardization implies
centralized  control  of  configurations.  The  Department  of  Defense  (DoD)  uses 
configuration  management  and  designated  standards  (e.g.,  the  defense  data  dictionary 
system  [DDDS]  and  joint  technical  architecture  [JTA])  to  establish  and  maintain 
standards.  With  the  advent  of  acquisition  reform,  the  vast  majority  of  DoD  and  military 
specifications  and  standards  (formerly  included  in  the  DoD  Information  Security  System) 
were  cancelled  (many  were  transferred  to  industry  or  commercial  standards).  The 
American  National  Standards  Institute  and  other  independent  standards  organizations 
maintain important standards that are used or invoked by DoD. Some standards (e.g.,
extensible markup language) are in process; some include a degree of ambiguity (e.g.,
X.509),  and  some  are  de  facto  (Internet).  The  common  operating  environment  (COE)  is  the 
DoD  attempt  to  standardize  the  software  environment.  Standards  are  touted  as  a  means 
to  save  money  and  expedite  development.  The  capability  maturity  model  attempts  to 
standardize  the  software  development  process  to  achieve  reliability  and  reproducibility. 
ISO  9000  standards  address  quality  in  the  international  arena.  The  price  of 
standardization,  however,  can  be  a  decrease  in  individual  creativity  and  paradigmatic 
breakthroughs.  See  Martin  Libicki's  Standards:  The  Rough  Road  to  the  Common  Byte  (CACT, 
INSS,  NDU,  May  1995)  (IRMC  Advanced  Software  Acquisition  Management  Course). 

Department of Defense Specifications and Standards:
http://www.dla.mil/ |-6/lo.g-edi/ erp  ipt/031301 713  14mardirjecpodyl.ppt

Department of Defense Dictionary of Military Terms:
http://www.dtic.mil/doctrine/iel/doddirt/

DoD Index of Specifications and Standards:
http://stinet.dtic.mil/str/dodis.s4 fields.html.

You  cannot  put  the  same  shoe  on  every  foot.  (Publilius  Syrus,  Maxim  596,  first  century 
B.C.,  from  Familiar  Quotations  by  John  Bartlett,  Little,  Brown  &  Co.,  Boston,  1968,  p.  126.) 

Standard  Operating  Environment  (SOE) 

A  standard  suite  of  system  software  furnished  by  Defense  Information  System  Agency 
System  Support  Office  (DISA  SSO)  for  use  in  supporting  application  production  and  test 
domains.  The  operating  system  and  the  suite  of  standard  system  products  are  called  the 
SOE (Glossary of IM/IT & KM Terms).

The  Pentagon  recently  found  it  had  too  many  Generals  and  offered  an  early  retirement 
bonus.  It  promised  any  General  who  retired  straight  away  his  full  annual  benefits  plus 
$10,000  for  every  inch  measured  in  a  straight  line  between  any  two  points  on  the  General's 
body,  with  the  General  getting  to  select  any  pair  of  points  he  wished.  The  first  man,  an  Air 
Force General, accepted. He asked the pension man to measure from the top of his head to
the tip of his toes. Six feet. He walked out with a check of $720,000. The second man, an
Army General, asked them to measure from the tip of his outstretched hands to his toes.
Eight feet. He walked out with a check for $960,000. When the third General, a grizzled old
Marine, was asked where to measure, he told the pension man, "From the tip of right big
toe to the back of my right heel." The pension man suggested that perhaps the General
might like to reconsider, pointing out the nice checks the previous two Generals had
received. The Marine insisted and the pension expert said it would be fine. He asked the
General to remove his right shoe and sock. He did. The pension man took one look at the
General's right foot and said, "Oh my gosh General ... where is the front of your foot!?"
The General replied, "In Vietnam." (Internet e-mail joke.)

Statistical  Regression — Compare  with  Central  Tendency 

A threat to acceptance of evaluation results which states that, if subjects were chosen
on the basis of their scoring especially low on a pretest, an increase in performance may
be caused in part by the natural tendency of extreme scores to mediate when a test is
repeated (IRMC Measuring Results of Organizational Performance Course). This
principle may also be applicable to genetics. If a group forms from people of like r
(e.g., a commune), their children tend towards the usual normal distribution of people
such that by the third generation (if not sooner), so many of the residents have deviated
from the original uniting principle that the community has great difficulty staying
together (assuming that the forming or uniting principle has a negative effect upon or is
disagreeable in some way to the average person rather than individually beneficial).
Under such circumstances, the unity and cohesiveness of the original community
dissolves and it can only survive as an entity under external pressure (e.g., threat and
violence of totalitarianism). Such a circumstance is not stable and should eventually
collapse (e.g., the Soviet Union).

There are old men of three, children of a hundred. (Japanese Proverbs, Peter Pauper
Press, Mt. Vernon, NY, 1962, p. 42.)

Statistical Significance

Since a given set of measures might vary because of some chance fluctuations in the
conditions at the time and place of measurement, statistical techniques check the
probability that the results are not due to chance. If the results pass the check, they are
considered statistically significant (http://www.surveysystem.com/signif.htm) (IRMC
Measuring Results of Organizational Performance Course). Statistical significance
depends upon the number of samples with reference to the size of the population being
measured and the error factors involved in measurement. Frequently, statistical
significance is given in terms of a specified confidence level.

We believe whatever we want to believe. (Demosthenes, 348 B.C., quoted by Hal
Lindsey in The Late Great Planet Earth, Bantam, New York, 1973, p. 1.)

Statistics — see Analysis of Variance, Chi-Square, Correlation, Cross-Tabulation,
Regression Analysis, Sampling, and Standard Deviation and T-Test

A  branch  of  mathematics  dealing  with  the  collection,  analysis,  interpretation,  and 
presentation  of  masses  of  numerical  data.  A  collection  of  quantitative  data.  Quantities 
computed  from  samples. 


When  a  hundred  clever  heads  join  in  a  group,  one  big  nincompoop  is  the  result, 
because every individual is trammeled by the otherness of the others. (Margaret J. Rioch,
"The Work of Wilfred Bion on Groups," Psychiatry, 1970, p. 64.)

Steganography 

A  method  of  hiding  files  in  graphic  figures.  S-tools  can  use  four  encryption  algorithms 
(IDEA,  DES,  triple  DES,  or  MDC).  It  uses  MD5  (message  digest)  to  hash  the  pass  phrase  to 
128  bits.  It  spreads  the  file's  bit  pattern  across  the  least  significant  bits  (LSBs)  of  the  image 
color  levels  (IRMC  Assuring  the  Information  Infrastructure  Course).  Images  are  formed 
electronically  using  specific  spots  or  spaces  on  the  screen  called  pixels.  Each  pixel  has  a 
designated  byte(s)  of  data  associated  with  it.  The  number  embedded  in  that  particular 
byte describes the spot regarding color, intensity, shade of gray, etc. The most significant
bits (MSBs) of that byte are more apparent in effect on the observer. The LSBs have lesser
effect. The MSB is comparable, for instance, to the 100's column in the decimal system and
the LSB to the 1's column. Obviously, the number in the 100's column will usually have
more impact than the number in the 1's column. Steganography replaces the original
numbers in the LSBs with the bits of a message — so the viewer doesn't notice the
difference  when  looking  at  the  graphic  picture  on  a  screen,  but  someone  who  knows 
where  to  "look"  electronically  can  recover  the  message  embedded  in  the  LSBs.  From  the 
Internet: 

Steganography: communicating while hiding the existence of the communication.

Messages to all STEGANO-L members have to be sent to the address:
stegano-l@a.s-node.jena.thur.de

The anonymous file transfer protocol archive associated with STEGANO-L is:
ftp://ftp.thur.de/pub/software/stegano/
http://www.iks-jena.de/mitarb/lutz/security/stegano.html

The manager of the mailing list server is Lutz Donnerhacke:
Lutz.Donnerhacke@Jena.Thur.De

http://www.cl.cam.ac.uk/~fapp2/steganography/

http://www.centurionsoft.com/

http://members.tripod.com/steganography/stego.html.
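
The LSB replacement described in this entry, as an added Python illustration (not S-Tools code and not part of the original text): it hides a message in the lowest bit of each color byte, recovers it, and measures how little each byte changes. The cover bytes, the 4-byte length header and all function names are assumptions made for the example; S-Tools' encryption and pass-phrase handling are not modeled.

```python
"""LSB replacement over raw pixel bytes (added example, constructed data)."""

# Constructed cover: 200 RGB pixels flattened to 600 color-level bytes.
COVER = bytes((i * 37 + 11) % 256 for i in range(600))
MESSAGE = b"constructed test message"

HEADER_BYTES = 4  # assumed framing: big-endian message length stored first


def _to_bits(data: bytes) -> list:
    """Most significant bit first, one list entry per bit."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def embed_lsb(cover: bytes, message: bytes) -> bytes:
    """Replace the least significant bit of successive cover bytes."""
    bits = _to_bits(len(message).to_bytes(HEADER_BYTES, "big") + message)
    if len(bits) > len(cover):
        raise ValueError("cover too small: one cover byte is needed per bit")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit  # keep the upper 7 bits, set bit 0
    return bytes(stego)


def _read_bytes(stego: bytes, start: int, count: int) -> bytes:
    """Rebuild `count` bytes from the LSBs beginning at byte offset `start`."""
    out = bytearray()
    for b in range(count):
        value = 0
        for k in range(8):
            value = (value << 1) | (stego[start + b * 8 + k] & 1)
        out.append(value)
    return bytes(out)


def extract_lsb(stego: bytes) -> bytes:
    """Recover a message written by embed_lsb, validating the header."""
    header_bits = HEADER_BYTES * 8
    if len(stego) < header_bits:
        raise ValueError("input shorter than the length header")
    length = int.from_bytes(_read_bytes(stego, 0, HEADER_BYTES), "big")
    if header_bits + length * 8 > len(stego):
        raise ValueError("length header exceeds capacity: no valid payload")
    return _read_bytes(stego, header_bits, length)


def max_level_change(cover: bytes, stego: bytes) -> int:
    """Largest change to any single color level, on its 0-255 scale."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def upper_bits_unchanged(cover: bytes, stego: bytes) -> bool:
    """True when only bit 0 differs, i.e. the visible MSBs are untouched."""
    return all((a >> 1) == (b >> 1) for a, b in zip(cover, stego))


if __name__ == "__main__":
    stego = embed_lsb(COVER, MESSAGE)
    print("recovered:", extract_lsb(stego))
    print("max level change:", max_level_change(COVER, stego))
    print("upper 7 bits unchanged:", upper_bits_unchanged(COVER, stego))
```

Comparing a suspect file against a known-clean original with `upper_bits_unchanged` and `max_level_change` shows the signature the entry describes: differences confined to the 1's place of each byte.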

It is structure that enables creativity ... without structure, there is nothing for creativity
to get leverage upon. (Stephen Denning, The Springboard, Butterworth-Heinemann, Boston,
2001, p. 193.)

Storage  Area  Network  (SAN) 

An  enterprise  storage  solution  with  gigabit  networks  that  rely  on  high-speed 
interconnect technologies (e.g., Fibre Channel). SANs have higher throughput, greater
distances, more connectivity options, better scalability, fault recovery, and diagnostics.
They  are  useful  for:  data  management,  backup  and  recovery,  archiving,  disk  mirroring, 
shared  storage,  and  data  sharing  (IRMC  Data  Management  Strategies  and  Technologies 
Course). 


I have made this rather long letter because I haven't the time to make it shorter. (Blaise
Pascal, Leo Rosten's Carnival of Wit, E. P. Dutton & Co., New York, 1994, p. 508.)


Storytelling 

A  method  to  unobtrusively  and  effectively  illustrate  a  point,  convince  listeners,  and 
effectively  transfer  knowledge.  An  organizational  story  is  a  detailed  narrative  of 
management actions, employee interactions, or other relevant events communicated
within  the  organization.  Storytelling  is  a  powerful  transformational  tool,  especially  when 
the  story  is  credible  (regarded  as  true  and  accurate),  relevant  to  the  organization  and  its 
people,  portable  to  organizational  activities,  and  can  be  easily  visualized  by  the  listeners 
who  unconsciously  place  themselves  into  the  story.  Steve  Denning  of  the  World  Bank 
describes such stories as "springboard" stories in his classic work, The Springboard. Such
means are especially effective for social network "salesmen" as described by Malcolm
Gladwell in The Tipping Point. Similar to KM as a whole, storytelling is as old as human
history. Storytelling has been used for ages to socialize new members of society and teach
them tacit knowledge. Stories can penetrate the mental filters of the conscious mind,
eliciting responses from deeper (unconscious) levels. According to Carl Jung, these can be
personal or collective levels of the unconscious. The latter are archetypal and common
across humanity. Thus, they are potential channels of deep, instantaneous
communications and knowledge, if not wisdom. Modern movies and shows may be
archetypal in nature, such as the Star Wars epic films. They are readily comparable to such
ancient classic stories as the Mesopotamian Gilgamesh and the Welsh Mabinogion.

The  human  animal  has  a  deep  psychological  need  for  some  kind  of  story  about  how  life 
began  and  how  it  will  culminate  and  toward  what  purpose.  The  need  for  a  story  is  so  great 
that  most  people  never  question  the  stories  they  are  reared  with  and  seem  concerned  only 
that they have a story — any story. And so dedicated are people to their respective group
story that they are generally inclined to consider everyone's story as false or mistaken.
Millions have given their lives in the defense of their stories. Millions more have been slain
for their refusal to adopt other people's stories. The saddest thing about it all is this: We
have all had the same story all along, only it had been told in different words, through
different symbols, rituals, and ceremonials ... we are beginning to find out our stories are
all one story; only the mythical portrayal of the story differs ... Generally, we perceive
myths as lies. Fairy tales. But actually, myths address deep truths. A myth is a story that is
true but not factual. (Schacter-Shalomi, Paradigm Shift, Aronson, Northvale, NJ, 1993, p.
299-300.)

No  single  story  can  ever  reveal  everything.  The  story  is  necessarily  a  selection,  and  the 
extent  of  the  partial  representation  depends  on  the  angle  of  vision.  Understanding  the  angle 
of  vision  of  a  story  is  a  key  to  understanding  it  as  a  representation  of  reality.  The  angle  of 
vision  also  determines  the  impact  that  the  story  has  for  a  particular  audience.  (Stephen 
Denning,  The  Springboard,  Butterworth-Heinemann,  Boston,  2001,  p.  173.) 

Stovepipe

A  system  with  vertical  communications  and  reporting  (i.e.,  only  via  a  chain  of 
command).  Most  legacy  systems  had  stovepipe  architectures  both  programmatically  and 
technically.  Checks  and  balances  were  external  to  a  relatively  independent  program 
office.  Systems  were  defined  individually  except  where  specific  interfaces  were  required. 
This  approach  is  based  on  classical  management  and  tended  to  accentuate  individual 
responsibility  and  accountability.  It  matched  well  to  organizational  wiring  charts  (official 
authority  delegations),  requirements  documents,  and  culture.  With  the  advent  of 
acquisition  reform,  integrated  product  teams,  downsizing,  a  more  teamwork  oriented 
approach  to  problems  and  responsibilities,  open  systems,  systems  thinking,  and  other 
current  trends  and  influences,  stovepipes  have  been  branded  as  anachronistic  (if  not 
archaic)  and  the  term  has  become  derogatory.  This  is  a  case  of  the  pendulum  effect. 
Rationally,  particular  systems  to  be  developed  should  be  analyzed  to  determine  how 
open and interoperable they should be. Interoperable is a transitive term; nothing is
"interoperable"  per  se,  something  can  only  be  interoperable  with  something  else  (the 
transitive  object). 

If  we  confuse  the  orders  of  abstraction  we  can  disregard  about  any  evidence,  thereby 
maintaining our traditional beliefs. (Steven Lewis,
http://www.kcmetro.cc.mo.us/pennvalley/biology/lewis/lewis.htm.)

Strategic  Planning— see  Performance-  and  Results-Based  Management 

One  of  the  10  federal  chief  information  officer  (CIO)  competencies,  specified  by  the 
Federal CIO Council Executive Board, included in the IRMC's curriculum for the CIO
certificate.  The  Government  Performance  and  Results  Act  requires  agencies  to  create  5- 
year  strategic  plans  (revised  every  3  years).  The  plans  include:  mission  statement; 
outcome  related  goals  and  objectives;  descriptions  of  processes,  technologies,  human, 
capital,  information  resources  required;  identification  of  key  external  factors;  and 
description  of  evaluations  used  to  establish  goals  and  objectives.  The  four  A's— 
adaptability,  accountability,  alignment  and  awareness — are  also  applicable  to  information 
management  strategic  planning.  Office  of  Management  and  Budget  Circular  A-11  (Part  2) 
contains  guidance  on  the  preparation  and  submission  of  strategic  and  annual 
performance  plans.  The  Congressional  Report  Card  includes  ten  evaluation  factors,  six  of 
which are required in the agency's strategic plan: comprehensive mission statement,
general  goals  and  objectives,  strategies  to  achieve  the  goals  and  objectives,  relationship 
between  the  long-term  goals  and  annual  goals,  key  external  factors  outside  the  agency's 
control,  how  program  evaluations  will  be  used  to  revise  strategic  goals.  The  other  four 
(nonstatutory)  factors  are:  treatment  and  coordination  of  crosscutting  functions,  data 
capacity  and  reliability  for  evaluation,  problem  and  risk  analysis,  and  Congressional  and 
stakeholder consultations. There's also a "bonus factor" of how realistic performance
measures  are  (IRMC  New  World  of  the  CIO  Course).  While  Murphy's  Law  says  that  if 
anything  can  go  wrong,  it  will,  strategic  planning  is  essential  to  a  CIO.  It  provides  a 
unifying  and  integrating  structure;  enables  autonomous,  coordinated  action;  promotes 
organizational  cohesiveness  through  sense  of  shared  direction,  intent,  and  purpose; 
promotes  shared  values,  beliefs,  and  assumptions;  promotes  concentrated  effort; 
encourages environmental awareness; and promotes flexible responses within a changing
environment. Strategic plans are not limited to the former Soviet Union's type of 5-year
plan; commercial ones tend to average 12- to 18-month cycles, and much less in some
industries — especially in IT. A good strategic plan is the roadmap from "as is" to "to be."

There  is  a  story  about  a  snail  who,  one  bitter  cold  morning  in  January  started  to  climb 
the  frozen  trunk  of  a  cherry  tree.  As  he  slowly  moved  upward  a  beetle  stuck  his  head  out  of 
a  crack  in  the  tree  and  said,  "Hey,  buddy,  you're  wasting  your  time.  There  aren't  any 
cherries up there." But the snail kept right on going. "There will be when I get there," he
said.

Strategic  planning  has  positive  secondary  (or  side)  effects.  It  tends  to  elucidate 
assumptions,  presuppositions,  and  preconceived  conclusions.  In  addition,  it  promotes 
self-discipline  and  training  as  well  as  systems  thinking. 

See OASD (C3I)'s IT Management (ITM): Supporting National Defense (ITM Strategic
Plan, version 1.0, March 1997).

Legislation: http://www.c3i.osd.mil/c3ia/itprmlegisl.html.

OMB guidance: http://www.whitehouse.gov/omb/circulars/all/cpgtoc.html

Links to agency plans:
http://www.whitehouse.gov/omb/budintegration/scorecards/agency scorecards.html

Congress' scores on plans: http://freedom.house.gov/results/.

Plans with GAO reviews: http://www.govexec.com/dailyfed/0997/090897bl.htm

Council for Excellence in Government reviews: http://www.excelgov.org/.

Self-study modules: http://www.csuchico.edu/mgmt/strategy/.

Case studies: http://govinfo.library.unt.edu/npr/library/studies/list.html
http://govinfo.library.unt.edu/npr/library/studies/aboutcs.html.


Pitfalls  in  government  strategic  planning: 

1. A mission statement so broad and general it could apply to other agencies; it
should be concise, results-oriented, and agency specific enough.

2.  General  goals  and  objectives  that  are  more  process  than  outcome-oriented. 

3.  Neglecting  to  solicit  input  from  Congress  and  affected  stakeholders. 

4.  Lack  of  use  of  program  evaluations  to  establish  goals  and  strategies. 

5.  Identifying  strategies  for  achieving  the  goals  that  are  actually  just  descriptions 
of  current  activities. 

6.  Weak  linkages  between  strategic  goals  and  annual  performance  plan  goals. 

7.  Inadequate  linkage  to  the  budget. 

8. Inadequate discussion of external factors.

9.  Major  management  problems  not  addressed. 

10.  No  coordination  of  cross-cutting  functions. 

11.  Little  discussion  of  data  capacity  issues— make  sure  your  information  systems 
are  able  to  provide  the  relevant  performance  data  to  achieving  goals  (IRMC 
Measuring  Results  of  Organizational  Performance  Course). 




Also, see Learning from Best Practices in Strategic Planning (Pegi Panfely and Leigh-Ann
Sonmer, in Strategy and Leadership, 1996, September-October), Reinventing Strategic
Planning for a Dynamic Environment (American Productivity and Quality Center, Houston,
1997), and Balancing Measures: Best Practices in Performance Management (NPRG, 1999,
August, http://govinfo.library.unt.edu/npr/library/papers/bkerd/halmP.T9nrphfml, p.
61) (IRMC Measuring Results of Organizational Performance Course). Strategic
Implementation Plan: http://www.hpcc.gov or gopher://gopher.hpcc.gov.

A  great  artist  was  asked  which  of  his  paintings  he  considered  to  be  the  best.  He 
thoughtfully  paused  for  a  moment  and  then  replied,  "My  next  one."  (W.  H.  Clark,  "The 
Mystic  in  Time  and  Space,"  Rosicrucian  Digest,  1973,  Vol.  LI,  No.  9,  p.  33.) 

Strategic  Programming 

Strategic  programmers  move  toward  known  goals  and  knowable  futures.  They 
extrapolate  a  set  of  known  conditions  into  the  future.  Strategic  programming  parallels 
data  mining  as  well  as  management.  It  is  contrasted  with  strategic  thinking  below. 

Strategic  programming  is  well  suited  to  stable  and  complex  planning  environments  such 
as  airline  scheduling. 

Somebody said that it couldn't be done
But he with a chuckle replied
That maybe it couldn't, but he would be one
Who wouldn't say so till he tried.
So he buckled right in with the trace of a grin
On his face. If he worried, he hid it
He started to sing, as he tackled the thing
That couldn't be done, and he did it.

Somebody scoffed, "Oh you'll never do that."
At least no one ever has done it.
But he took off his coat and he took off his hat
And the first thing we knew, he'd begun it.
With a lift of his chin and a bit of a grin
Without any doubting or quibble.
He started to sing as he tackled the thing
That couldn't be done and he did it.

There are thousands to tell you it cannot be done
There are thousands to prophesy failure
There are thousands to point out to you one by one
The dangers that wait to assail you
But just buckle in with a bit of a grin
Just take off your coat and go to it
Just start to sing as you tackle the thing
That cannot be done and you'll do it.

(Edgar  A.  Guest,  "It  Couldn't  Be  Done.") 

Strategic Thinking— see Convergent Thinking, Nonlinear Systems, Systems Thinking

Strategic thinkers move towards the unknown and unknowable future. They envision
a future and reshape existing conditions to meet that future. Strategic thinking parallels
data exploration as well as leadership. It is also similar to systems thinking, but contrasts
with strategic programming. These two concepts were developed by Paul Raymond and
Henry Mintzberg and discussed in the IRMC's New World of the CIO Course. Kennedy's
prediction of the man on the moon depicts strategic thinking.


Dichotomy  Models  Paralleling  Strategic  Programmini 
If opportunity doesn't knock, build a door. (Milton Berle)

Stratified  Sampling 

The  final  sample  of  subjects  must  have  a  predetermined  distribution  of  certain 
attributes  so  selection  takes  place  as  in  random  sampling,  except  that  once  the 
predetermined  number  of  cases  in  a  certain  category  have  been  selected,  further 
candidates  with  that  attribute  are  discarded  (IRMC  Measuring  Results  of  Organizational 
Performance  Course).  In  essence,  a  predetermined  number  of  random  samples  is  selected 
(in a random order) from each attribute subgroup. The result can be more optimal than
true  random  sampling  (with  the  same  number  of  samples  chosen),  since  the  subgroups 
are  distinctive  and,  if  not  fully  represented,  may  skew  the  randomly  sampled  results. 
Stratified  sampling  precludes  such  a  situation.  It  can  thus  be  conducted  accurately  with 
fewer  samples. 

For 13 years I taught my tongue not to tell a lie; and for the next 13, I taught it to tell the
truth.  (The  Koretzer  Rabbi,  Leo  Rosten's  Carnival  of  Wit,  E.  P.  Dutton  &  Co.,  New  York,  1994, 
p.  486.) 

Structured  Query  Language  (SQL)  (acronym  pronounced  "sequel"  or  spelled  out) 

SQL  is  a  standardized  query  language  for  requesting  information  from  a  database. 

The newer Microsoft database is called SQL Server.

The room was thick with two conversations, the one we were having and the one we
were choosing not to have. (Lawrence Block, Even the Wicked, William Morrow & Co., NY,
1997, p. 283.)

Supervisory Control And Data Acquisition (SCADA) — see Critical Infrastructure
Protection

The brain and central nervous systems of our critical infrastructures including sensors,
communications, and master control systems. The increasing reliance on computerized
systems for the control and operation of key infrastructures in advanced societies for their
economic, social, political, and military strength is both a boon and a vulnerability for
these systems and societies. This includes the supply of energy (electricity, gas, oil), the
management of transportation (railroads, air traffic control, motor vehicle movement), the
transfer of digital wealth (electronic funds transfer, digital banking, control of stock
exchanges), and the operation of the very telematic media that support the entire
structure. If one looks below the surface of almost any segment of daily life in modern
society, one finds a computer (Daniel Kuehl, "Strategic IW: A Concept," Canberra,
Australia, Australian National University's Strategic and Defence Studies Centre, 1999,
working paper No. 332, p. 7). See "SCADA and Related Systems: Critical and Vulnerable
Elements of Domestic Components of National and Economic Security" (Richard Berardino,
National Defense University, June 10, 1996) (IRMC Assuring the Information
Infrastructure Course).

It is a mistake to give power to people who want it too much. Often they're too
concerned with the trappings and the perks. (Warren Bennis, "Lessons in Leadership,"
Bottom Line Personal, 1996, Vol. 17, No. 13, July 1, p. 14.)

Supplier  Relationship  Management  (SRM) 

By integrating its suppliers into its business processes, an enterprise can achieve
efficiencies and better serve its customers (become more customer-centric or outcome
oriented). The emphasis is on value engineering for customers versus simply cost
reduction. Indeed, the enterprise tailors its treatment of its suppliers to strengthen critical
relationships. SRM is complementary to some reengineering efforts: in Reengineering the
Corporation, Michael Hammer and James Champy describe the truck company that gave
its tire supplier access to its production records, in exchange for that supplier's guarantee
that the proper tires would be available as needed (just in time availability) as trucks
proceeded down the production line. In this manner the truck company eliminated its tire
inventory and logistics challenges.

The extent of the definition of SRM varies considerably; some include enterprise
resource planning (ERP), supply chain planning (SCP), supply chain execution (SCE), and
third party logistics (3PL) within SRM, and some do not. It has been said that, "[SRM] has
emerged as enterprises seek to create a more disciplined and strategically managed
structure around all supplier relationships to ensure that the entire enterprise is in
harmony and to achieve an optimal return on supplier relationships. This goes beyond
e-procurement and strategic sourcing to embrace the collaborative creation and
management of supplier-enterprise products and processes. Suppliers and enterprises
become an integrated entity centered on the goal of meeting customer needs in a way
superior to competitors" (Enterprises Drive Competitive Advantage Through SRM, Gartner
Group report, April 16, 2001, engagement No. 220053130). "SRM starts with collaborative
design and a willingness to share intellectual capital and access to common applications
and information with suppliers." Thus, SRM is implemented in a manner reminiscent of
integrated product teams with participants from the enterprise and its suppliers sharing a
common end— more competitive end-customer service. Some Japanese firms implement
Shukko, a method of loaning experts and executives to suppliers. Further, "SRM increases
an enterprise's ability to optimize supplier relationships to produce superior customer
solutions and drive revenue generation and profitability.
Gartner believes that by 2005 enterprises will move strongly to SRM methodologies or
they will see profit reductions of close to 2 percent." This is more understandable when
one considers that the weakest link in the chain determines the strength of the chain. SRM
includes focusing resources to improve the chain as a whole. Per the dictum of systems
engineering, optimizing the parts de-optimizes the whole; optimizing the whole
de-optimizes the parts. Thus, an enterprise-systems perspective of the entire supply chain
can greatly enhance its overall competitiveness.

Among  organizations,  such  role  taking  involves  boundary  spanning  or  overlap  for 
example,  through  short-term  visits,  long-term  transfers  (known  in  Japan  as  shukko),  or 
stable  interorganizational  teams.  Like  on-the-job  training  for  individuals  (pervasive  in  Japan 
as  a  mode  of  socializing  newcomers  in  a  corporate  culture),  it  is  interorganizational 
"learning  by  doing."  The  people  of  each  firm  immerse  themselves  in  the  routines  of  the 
other,  thereby  gaining  access  to  the  partner's  stock  of  tacit  knowledge.  A  clear  benefit  is  that 
learning takes place without the need first to convert tacit knowledge to explicit knowledge.
This saves time and resources and better preserves the original knowledge base. (James R
Lincoln, Christina L Ahmadjian, and Eliot Mason, "Organizational Learning and Purchase-
Supply Relations in Japan: Hitachi, Matsushita, and Toyota Compared," California
Management Review, Berkeley, CA, Spring 1998, Vol. 40, Issue 3, pp. 241-264.)

Symmetric  Cryptography — see  Asymmetric  Cryptography  and  Encryption 

Single-key  method  of  encrypting  and  decrypting  text,  such  as  the  data  encryption 
standard;  also  called  conventional  cryptography.  The  problem  with  symmetric 
cryptography  is  that  the  participants  must  prearrange  their  transmission  so  that  they  both 
(or  all)  have  the  same  secret  key.  Also,  if  several  people  share  this  key,  the  key  is  more 
vulnerable  to  compromise. 

Tyger! Tyger! burning bright
In the forests of the night.
What immortal hand or eye
Could frame thy fearful symmetry?

What the hand dare seize the fire?
And what shoulder, and what art,
Could twist the sinews of thy heart?
And when thy heart began to beat,
What dread Hand? and what dread feet? . . .

(William Blake, 1757-1827, from "The Tyger," from Songs of Experience, from The Oxford
Dictionary of Quotations, Oxford University Press, New York, 1980, p. 87, No. 14.)


System 

1)  A  regularly  interacting  or  interdependent  group  of  items  forming  a  united  whole. 

2)  A  group  of  devices,  artificial  objects,  or  an  organization  forming  a  network, 
especially  for  distributing  something  or  serving  a  common  purpose. 

3)  An  organized  set  of  doctrines,  ideas,  or  principles  usually  intended  to  explain  the 
arrangement  or  working  of  a  systematic  whole  [paradigm]. 

4)  A  manner  of  classifying,  symbolizing,  or  schematizing — for  example,  a  taxonomy 
(Webster's  New  Collegiate  Dictionary,  1976). 

Abundance  of  knowledge  does  not  teach  a  man  to  be  wise.  (Heraclitus,  quoted  by  Jacob 
M.  Braude  in  New  Treasury  of  Stories  for  Every  Speaking  and  Writing  Occasion,  Prentice  Hall 
Inc.,  Englewood  Cliffs,  NJ,  June  1961,  p.  465.) 
System Administration, Networking and Security (SANS) Organization— see
International Information Systems Security Certification Consortium (ISC)² and National
Security Telecommunications and Information Systems Security Instruction (NSTISSI)

An organization that has established a computer security certification program called
the System Network Assurance Program (SNAP), consisting of a standard series of
briefings, courses, and tasks for demonstrating technical knowledge
(http://www.sans.org/aboutsans.php) (IRMC Developing Enterprise Security
Strategies, Guidelines, and Policies Course).

18. Past experience is excellent for providing a reality check. Too much reality can doom
an otherwise worthwhile design, though. (David Akin, professor, University of Maryland,
"Akin's Laws of Spacecraft Design" [received via Internet e-mail] and confirmed by Dr.
Akin dakin@umd.edu or DAKIN@SSL.UMD.EDU. See
http://spacecraft.ssl.umd.edu/academics/akins_laws.html.)


Systematic  Sampling 

A  sampling  interval  determined  by  dividing  the  desired  sample  size  (n)  into  the 
number  of  elements  in  the  accessible  population  (N)  (i.e.,  N  divided  by  n)  and  then 
drawing  the  first  element  at  random  from  the  first  sampling  interval.  Thereafter,  every 
element  at  the  next  sampling  interval  is  included  in  the  sample  (IRMC  Measuring  Results 
of  Organizational  Performance  Course). 
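The two sampling procedures defined in this encyclopedia (stratified sampling and systematic sampling), written out as an added Python example that is not part of the original text. The population of accounts, the role names, and the quotas are constructed for illustration, as might be used to pick accounts for a periodic access review.

```python
import random
from collections import Counter


def systematic_sample(population, n, rng):
    """Every k-th element, k = N // n, starting at a random point in the first interval."""
    N = len(population)
    if not 0 < n <= N:
        raise ValueError("sample size must be between 1 and the population size")
    k = N // n                    # sampling interval: N divided by n
    start = rng.randrange(k)      # first element drawn at random from the first interval
    return [population[start + i * k] for i in range(n)]


def stratified_sample(population, stratum_of, quotas, rng):
    """Random selection, but candidates whose category quota is already full are discarded."""
    order = list(population)
    rng.shuffle(order)            # candidates are considered in random order
    wanted = sum(quotas.values())
    taken = Counter()
    sample = []
    for item in order:
        stratum = stratum_of(item)
        if taken[stratum] >= quotas.get(stratum, 0):
            continue              # quota met (or category not wanted): discard
        sample.append(item)
        taken[stratum] += 1
        if len(sample) == wanted:
            break
    short = {s: q - taken[s] for s, q in quotas.items() if taken[s] < q}
    if short:
        raise ValueError(f"strata too small to fill quotas: {short}")
    return sample


def build_accounts():
    """Constructed population: 1000 accounts, heavily skewed toward ordinary users."""
    roles = ["user"] * 950 + ["service"] * 40 + ["admin"] * 10
    return [{"id": i, "role": role} for i, role in enumerate(roles)]


def role_counts(sample):
    """Number of sampled accounts per role."""
    return dict(Counter(acct["role"] for acct in sample))


if __name__ == "__main__":
    rng = random.Random(2024)     # fixed seed so the run is repeatable
    accounts = build_accounts()
    quotas = {"user": 10, "service": 5, "admin": 5}

    # A simple random sample of 20 will often contain no admin account at all.
    print("simple random:", role_counts(rng.sample(accounts, 20)))
    # The stratified sample always contains exactly the predetermined mix.
    picked = stratified_sample(accounts, lambda a: a["role"], quotas, rng)
    print("stratified:   ", role_counts(picked))
    # The systematic sample walks the list at a fixed interval of 1000 // 20 = 50.
    print("systematic ids:", [a["id"] for a in systematic_sample(accounts, 20, rng)])
```

Because the constructed list is ordered by role, the systematic sample lands almost entirely on ordinary users; the ordering of the population matters for that method in a way it does not for the stratified one.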

I  have  traveled  the  length  and  breadth  of  this  country  and  talked  with  the  best  people, 
and  I  can  assure  you  that  data  processing  is  a  fad  that  won't  last  out  the  year.  (The  editor  in 
charge  of  business  books  for  Prentice  Hall,  Inc.,  1957  [received  by  author  via  Internet  e-mail 
and verified in Christopher Cerf and Victor Navasky, The Experts Speak, Villard, NY, 1984,
p. 230].)

Systems  Analysis 

The  act,  process,  or  profession  of  studying  an  activity  (as  a  procedure,  business,  or 
physiological  function)  typically  by  mathematical  means  in  order  to  define  its  goals  or 
purposes  and  to  discover  operations  and  procedures  for  accomplishing  them  most 
efficiently (Webster's New Collegiate Dictionary, 1976, p. 1174).


To  this  day,  we  screw  in  light  bulbs  because  one  of  Edison's  lab  assistants  saw  the 
similarity  between  problems  keeping  the  newly  developed  light  bulbs  in  their  sockets  and 
the  screw  top  cap  of  a  kerosene  can.  As  mentioned  earlier,  inflatable  splints  and  medical  IV 
bags  are  not  obvious  places  to  look  when  searching  for  solutions  to  a  basketball  shoe 
problem,  yet  the  engineers  at  Design  Continuum  recognized  nonobvious  similarities  that 
led  to  the  development  of  the  Reebok  Pump  shoe.  (Andrew  B.  Hargadon,  "Firms  as 
Knowledge Brokers: Lessons in Pursuing Continuous Innovation," California Management
Review, Berkeley, CA, Spring 1998, Vol. 40, Issue 3, pp. 209-227.)

Systems  Architecture  (SA)— see  Architecture,  Operational  Architecture,  Technical 
Architecture 

The  physical  connection,  location,  and  identification  of:  key  nodes,  circuits,  networks, 
war-fighting  platforms,  etc.,  and  the  specification  of  system  and  component  performance 
parameters.  It  is  constructed  to  satisfy  operational  architecture  requirements  per 
standards defined in the technical architecture. The SA shows how multiple systems
within a subject area link or interoperate and may describe the internal construction or
operations of particular systems within the architecture. Its primary purpose is to enable
or automate operational activities through physical processes. The SA identifies system
interfaces and defines connectivity between systems. An SA maps platforms, functions,
characteristics, and data elements onto the operational architecture — connecting the means to
the ends. It also defines systems constraints and the boundaries of system performance.
An SA is technology-dependent and supports multiple command organizations and
missions, but it should not be based on current organizational models, force structures, or
fielded technologies (IRMC Advanced Software Acquisition Management Course).

Third,  a  common  tendency  to  firmly  segregate  knowledge  users  ("decision  makers") 
from  many  of  those  involved  in  generating  knowledge  further  serves  to  separate  knowledge 
from  its  potential  uses.  The  universal  use  of  the  term  "knowledge  worker,"  as  distinct  from 
workers  who  presumably  don't  have  or  use  knowledge,  is  a  prime  indicator  of  how 
common  this  sort  of  error  is.  A  recent  survey  by  Mark  Fruin  on  how  knowledge  is 
understood and valued at Toshiba points out the fatuousness of these labels. (Liam Fahey
and  Laurence  Prusak,  "The  Eleven  Deadliest  Sins  of  Knowledge  Management,"  California 
Management  Review,  Berkeley,  CA,  Spring  1998,  volume  40,  Issue  3,  pp.  265-276.) 

Systems  Engineering — see  Systems  Management  and  Systems  Thinking 

Systems engineering is an engineering discipline or specialty that addresses systems or
networks of subsystems or components. The processes occurring within such subsystems
are completely ignored by systems engineers (but are a major concern to design engineers).
Systems engineers refer to them as "black boxes" because they are considered to be
opaque — the systems engineer cannot see what is going on within the black box.
However, the systems engineer is greatly concerned with the inputs and outputs of black
boxes. Thus, systems engineers are concerned with designing systems and networks.
They are the architects of the electronic world. In the government, systems engineers are
frequently a select subset of electronics engineers (job series 0855) or general engineers
(job series 0801)— especially in the world of IT. Systems engineers are also concerned with
overall systems performance— outcome measures as well as overarching considerations.
The latter are formulated into technical disciplines (formerly addressed in MIL-STD-499)
that include: safety, configuration management, test and evaluation, and electronic
emissions. Project engineers and managers should be well versed in systems engineering.
It is a major curriculum in the capstone course for program managers (for level 3,
advanced, certification under the Defense Acquisition Workforce Improvement Act,
DAWIA), PMT302 (also called the Advanced Program Managers Course or APMC) at the
Defense Systems Management College (DSMC) of the Defense Acquisition University
(DAU) in Ft. Belvoir, VA. Systems engineers should use systems thinking without
thinking. For information on the U.S. Air Force Systems Engineering Procedures (SEP),
see http://Webi.ssg.gunter.af.mil/ (IRMC Advanced Information System Acquisition
Course).

SPAWAR Chief Engineer:
https://skc.spawar.navy.mil/skctoday.nsf/skctoday?readform

Engineering and Public Policy (including the program in International Peace and
Security): http://www.epp.cmu.edu/

INCOSE, International Council on Systems Engineering, Washington Metropolitan
Area Chapter (WMA) Web Page: http://www.incose-wma.org/info/ General INCOSE
Info: 800-366-1164;

INCOSE Web page: http://www.incose.org wmackey@csc.com 301-921-3082.

Deputy Director, Systems Engineering: http://www.acq.osd.mil/io/se/index.htm

American Society of Naval Engineers: http://www.navalengineers.org/ 703-836-6727;
FAX: 703-836-7491, ASNEHQ@NAVALENGINEERS.ORG

Any competent scientist can think logically. The great ones use intuition. (Isaac Asimov,
"A Problem of Numbers," The Best Mysteries of Isaac Asimov, Fawcett Gold Medal Books,
New York, 1986.)

Systems  Integration/Integrator 

An  entity  that  integrates  or  combines  various  components  to  form  a  complete, 
functional  system  to  meet  overall  and  specific  system  requirements  (outcomes).  Systems 
integration  can  be  done  by  the  government  or  a  contractor,  but  each  system  must  have  a 
systems  integrator  to  succeed.  Government  offices  sometimes  (virtually  never 
successfully)  serve  as  de  facto  systems  integrators.  It  is  necessary  to  designate  a  systems 
integrator in order to focus responsibility and accountability for systems performance.
Generally,  the  prime  contractor  will  perform  systems  integration,  integrating  the 
contributions  of  various  subcontractors  and  vendors.  The  systems  integrator  will 
normally  perform  program  or  project  management  functions  including:  make  or  buy 
decisions,  systems  engineering,  systems  test  and  evaluation,  training,  subcontract 
management,  architectural  design,  financial  management,  logistical  analysis,  and  risk 
management  and  analysis.  Many  systems  integrators  and  prime  contractors  propose  to 
perform  a  significant  portion  of  the  design  engineering  and  software  development,  but 
not  all  contractors  have  quality  track  records  in  these  areas  (especially  software).  The 
government  now  requires  that  bid  evaluations  include  historical  performance  factors  for 
such reasons. It is not necessary for the systems integrator to produce the majority of the
components/assemblies of the system. They should, however, excel in systems
engineering and systems management (IRMC Advanced Information System Acquisition
Course).


Maturity is also characterized by high-level ambiguity tolerance ... A mature person
has an enormous ambiguity tolerance. (Lee Roloff, audiotape from C. G. Jung Institute of
Chicago.)

Systems  Management 

The management of systems that entails the application of systems engineering
principles and systems thinking. "Because a system is a whole that cannot be divided into
independent parts, its performance is never equal to the sum of the actions of its parts
taken separately; it is a function of their interactions. It can be shown that when each part
of a system taken separately is made to perform as well as possible, the system as a whole
cannot perform as well as possible" (Sengupta and Ackoff, "Systems Theory from an
Operations Research Point of View," General Systems, Vol. 10, pp. 43-48). "Therefore,
effective system management must focus on the interaction of its parts rather than on
their actions taken separately . . . [since] it has been estimated that at least 90 percent of
today's workers can do their jobs better than their bosses can . . . today's manager has
three principal functions ... to create an environment in which our subordinates can do as
well as they know how . . . develop those for whom they are responsible . . . [and] manage
the interactions of those for and to whom they are responsible" their units with other
units and their organization with other organizations (Russell Ackoff, "Systems Thinking
and Thinking Systems," Systems Dynamics Review, 1994, Vol. 10, No. 2-3, Summer-Fall,
pp. 175-88) (IRMC Leadership for the 21st Century Course). System managers include:
system security administrator (SSA), system administrator (SA), and network security
officer (NSO) (IRMC Developing Enterprise Security Strategies, Guidelines, and Policies
Course).


I  wrote  somewhere  once  that  the  third-rate  mind  was  only  happy  when  it  was  thinking 
with  the  majority,  the  second-rate  mind  was  only  happy  when  it  was  thinking  with  the 
minority,  and  the  first-rate  mind  was  only  happy  when  it  was  thinking.  (A.  A.  Milne,  War 
and  Humor,  quoted  by  Jacob  Braude  in  New  Treasury  of  Stories  for  Every  Speaking  and  Writing 
Occasion,  Prentice  Hall,  Inc.,  Englewood  Cliffs,  NJ,  June  1961,  p.  236.) 

System  Security  Authorization  Agreement  (SSAA) 

The primary document required for system security accreditation under the defense
information  technology  security  certification  and  accreditation  process  (DITSCAP).  It  is 
an  agreement  among  the  designated  approval  authority  (DAA),  certification  authority 
(CA),  user,  and  program  manager.  The  site  SSAA  should  include  appendices  for  each 
system  or  application  included  in  it  (IRMC  Developing  Enterprise  Security  Strategies, 
Guidelines,  and  Policies  Course). 


17. The fact that an analysis appears in print has no relationship to the likelihood of its
being correct. (David Akin, professor, University of Maryland, "Akin's Laws of Spacecraft
Design" [received via Internet e-mail] and confirmed by Dr. Akin dakin@umd.edu or
DAKIN@SSL.UMD.EDU. See http://spacecraft.ssl.umd.edu/academics/akins_laws.html.)


System  Software 

Software  that  controls  basic  operations  of  the  computer  including  what  programs  are 
running  and  which  physical  areas  of  the  computer  may  be  accessed.  System  software 
must  be  protected  from  unauthorized  access  (should  be  limited,  controlled,  and 
monitored).  It  includes:  operating  system  software  (DOS  or  Windows),  system  utilities, 
program  library  system,  file  maintenance  software,  security  software,  data 
communications  system,  and  database  management  systems.  Vulnerabilities  include: 
remote  access  to  system  master  console  via  dial-in,  vendor  supplied  logons  for 
maintenance or setup, vendor access packages, and system interfaces for communications
or  security  (IRMC  Developing  Enterprise  Security  Strategies,  Guidelines,  and  Policies 
Course). 


The  NIH  Syndrome:  Not  Invented  Here. 

System Support Office (SSO)

SSOs do the actual programming of applications located in Defense Information
System Agency MegaCenters (Glossary of IM/IT & KM Terms).

640K  ought  to  be  enough  for  anybody.  (Attributed  to  Bill  Gates,  Founder  and  Chief 
Executive  Officer  of  Microsoft,  1981  [received  via  Internet  e-mail  and  quoted  by  Christopher 
Cerf  and  Victor  Navasky  in  The  Experts  Speak,  Villard,  NY,  1984,  p.  231].) 

Systems Thinking — see Systems Engineering; Fifth Discipline Fieldbook for Educators,
Parents, and Everyone Who Cares About Education http://www.fieldbook.com

An approach for managing complexity by helping decision-makers understand the
cause-and-effect relationships with knowledge, information, and data. It identifies types
(or patterns) that occur repetitively in decision-making. Systems thinking expands
individual thinking perspectives and improves individual and organizational
decision-making (Glossary of IM/IT & KM Terms). Peter Senge's Fifth Discipline is a classic work in
systems thinking. The Department of the Navy Chief Information Officer also has a CD
on systems thinking, but it is only available to authorized personnel (e.g., government
workers) due to copyright restrictions. IRMC's Leadership for the 21st Century Course
defines it as "an approach that seeks to explain the behavior of the whole by examining
the relationships among the parts as they affect the whole." The building blocks of
systems thinking involve understanding feedback, including: the reinforcing process of
vicious and virtuous circles of causation and small changes that grow (a la Gladwell's
Tipping Point), balancing process with implicit sources of stability and resistance and
underlying goal-directed behavior, and delays and interruptions between actions and
consequences (IRMC Leadership for the 21st Century Course).

Imagination  is  the  highest  kite  one  can  fly.  (Lauren  Bacall,  quoted  by  Noah  ben  Shea  in 
Great  Jewish  Quotes,  Ballantine,  New  York,  1993.) 

Tacit Knowledge

Personal  "know-how"  that  is  difficult  to  articulate  because  it  is  derived  from 
individual  experience  and  beliefs.  Tacit  knowledge  is  implicit  in  how  one  performs  on  the 
job.  Assisted  by  the  Department  of  the  Navy  (DON)  Chief  Information  Officer  KM  team, 
the  SPAWAR  Systems  Center  Charleston  (SSC-CH)  pursued  tacit  knowledge  through  its 
KM  pilot  initiative.  SSC-CH  videotaped  structured  interviews  with  knowledgeable 
personnel in order to capture tacit knowledge in a particular domain. The resulting
videos  were  edited  in  order  to  create  short,  pithy  knowledge  nuggets  for  indexing  and 
storage  into  a  knowledge  repository  available  for  employee  viewing.  Employees  are 
encouraged  to  access  and  absorb  knowledge  from  this  knowledge  base  in  order  to 
complete  the  tacit  knowledge  transfer  (TNT)  process.  This  technique  can  be  replicated  to 
add  additional  domains  and  to  port  it  to  other  DON  activities.  However,  the  contents  of 
the  present  repository  may  be  considered  proprietary. 

It is merely the bias of most modern scholars to think that something does not exist
unless  it  is  written  down  in  some  text.  (John  Myrdhin  Reynolds,  The  Golden  Letters,  Snow 
Lion  Publications,  Ithaca,  NY,  1996,  p.  203.) 

Tacit  Knowledge  Transfer  (TNT) 

This  term  implies  the  complete  cycle  of  capturing,  storing,  distributing,  and  re-using 
tacit  knowledge  (i.e.,  tacit  KM).  It  builds  upon  tacit  knowledge  capture  but  also 
emphasizes  social  and  human  considerations  essential  to  motivating  the  successful  re-use 
of  tacit  knowledge.  A  large  knowledge  base  is  worthless  if  never  utilized.  The  present 
brain  drain  (formerly  predicted  by  the  Hudson  Report,  Workforce  2000)  has  highlighted 
the  need  for  advances  in  TNT.  It  is  a  major  challenge  for  knowledge  workers  and 
managers.  Since  this  challenge  is  shared  across  the  government,  successful  techniques  and 
processes  that  address  TNT  would  have  great  effect  overall  and  have  a  high  potential  for 
cost-effectiveness. 

Thoughts  unexpressed  may  sometimes  fall  back  dead;  but  God  himself  can't  kill  them 
when  they're  said.  (Will  Carlton,  The  First  Settler's  Story,  1895-1912,  st.  21,  from  Familiar 
Quotations  by  John  Bartlett,  Little,  Brown  &  Co.,  Boston,  1968,  p.  123.) 

Target/Threshold

A  particular  value  is  derived  analytically  or  intuitively  that  states  either  (1)  some 
desired  ultimate  value  or  (2)  a  minimally  acceptable  value  of  the  measure  that  will  enable 
the  organization  to  be  successful  (IRMC  Measuring  Results  of  Organizational 
Performance  Course).  This  is  a  technique  to  determine  if  an  intervention  or  initiative  has 
succeeded  or  not.  It  is  an  alternative  to  use  of  a  baseline  or  benchmark.  The  standard 
(target  or  threshold)  chosen  can  be  more  realistic  regarding  an  organization's  starting 
point  (e.g.,  an  industry  benchmark  may  simply  be  unreachable  in  the  short  term  so  a 
threshold  or  target  is  established  on  a  path  towards  meeting  the  external  benchmark)  or 
more tailored to its needs (if an external benchmark doesn't apply to an organization as a
special case — not resembling other entities in their industry or field closely enough for a
good  comparison). 

When Diogenes was very old, his friends urged him to ease up and rest. "What?"
roared Diogenes. "If I were running in a stadium ought I to slacken the pace when
approaching the goal? Ought I not rather to put on speed?" (quoted by Jacob Braude in New
Treasury of Stories for Every Speaking and Writing Occasion, Prentice Hall, Inc., Englewood
Cliffs, NJ, June 1961, p. 275.)

Taxonomy — see  Knowledge  Management  Taxonomy 

A  consistent,  scientific  classification  schema  and  its  resulting  catalog,  used  to  provide  a 
conceptual  framework  for  discussion,  analysis,  or  information  or  knowledge  retrieval.  A 
good  taxonomy  should  separate  elements  of  a  group  into  subgroups  that  are  mutually 
exclusive,  homogeneous,  unambiguous,  and  (taken  together)  include  all  possibilities.  It 
should also be simple, easy to remember, and easy to use (adapted from Glossary of IM/IT
&  KM  Terms).  Taxonomies  are  hierarchical  in  nature  and  usually  arranged  in  clustered 
formats  similar  to  outlines  or  tables  of  contents.  The  Dewey  decimal  system  is  an  example 
of  a  taxonomy  of  knowledge.  There  are  alternative  schemas  such  as  indexing,  as  well  as 
relational  and  object-oriented  arrangements.  The  Department  of  the  Navy  Chief 
Information  Officer  is  presently  pursuing  the  creation  of  a  standard  "enterprise 
knowledge  management"  taxonomy  that  will  be  published  upon  completion  and 
available  to  the  public. 

Prejudice is hardening of the categories. (Charlie Sproull, PMA264, NAVAIR, March 23,
1982.)

Technical  Architecture  (TA)— see  Architecture,  Operational  Architecture,  Systems 
Architecture 

The joint technical architecture (JTA), while entitled "architecture," is now referred to
as  a  "view"  of  the  Department  of  Defense  (DoD)  IT  architecture.  DoD's  technical 
architecture  framework  for  information  management  (TAFIM)  was  the  predecessor  to 
JTA.  See  Architecture  Concepts  and  Design  Guidance  (TAFIM)  (DoD,  1994,  Vol.  3,  version 
20,  June).  The  TA  identifies  the  services,  interfaces,  standards,  and  their  relationships.  It 
provides  the  technical  guidelines  for  implementation  of  systems  upon  which  engineering 
specifications  are  based,  common  building  blocks  are  built,  and  product  lines  are 
developed.  The  purpose  of  the  TA  is  to  define  the  set  of  rules  that  govern  systems 
implementation  and  operation.  The  TA  is  strongly  influenced  by  operational  architecture 
requirements;  analyses  of  possible  enabling  technologies;  information  systems  paradigms 
of  processing,  databases,  and  communications;  definitions  and  corresponding  technical 
criteria  for  system  capabilities,  services,  and  interfaces;  new  technologies,  emerging 
standards,  and  phase-out  of  old  technologies.  They  account  for  multi-platform  and 
network  interconnection  requirements  among  all  systems  that  produce,  use,  or  exchange 
information  electronically.  TA  rules  are  defined  in  terms  of  nonproprietary  specifications, 
reducing  reliance  on  proprietary  technologies  (IRMC  Advanced  Software  Acquisition 
Management Course).

Managing your problems can only make you good, whereas building your
opportunities is the only way to become great. (Jim Collins, Good to Great, Harper Business,
New York, 2001, p. 59.)

Technology  Assessment 

One  of  the  10  federal  chief  information  officer  (CIO)  competencies,  specified  by  the 
Federal CIO Council Executive Board, included in the IRMC's curriculum for the CIO
certificate (IRMC New World of the CIO Course), http://www.ndu.edu/irmc/.

http://www.wws.princeton.edu/~ota/

http://www.attunetechnology.com/assessment.asp

http://www.icta.org/

http://tap.gallaudet.edu/.

We  who  look  at  distances  in  microns  and  lightyears  need  to  be  freed  from 
handbreadths  and  cubits.  (Schacter-Shalomi,  Paradigm  Shift,  Aronson,  Northvale,  NJ,  1993, 


Telecommunications Act of 1996, P. L. 104-104 2/8/96 - see Communications Decency Act

The Telecommunications Act of 1996 is also called the CDA. It promotes private sector
deployment of IT and telecommunications through competition and deregulation. Its
Title V on obscenity and violence incited much litigation (and its other title). It also
addresses telemedicine, military readiness, and personnel morale (IRMC Assuring the
Information Infrastructure Course). Telecommunications in general: http://www.iw.com
Internet World; TechWeb magazine http://www.techweb.com; http://www.gopher.com
to use gopher via browser; http://www.shareware.com;

http://www.telecomdirect.pwcglobal.com/telecom/direct:TTH/Telecom Technology/Networks And Operations/NandOArt:telecom/print.jsp:/DocRep/telecom/TelecomTechnology/NetworksOperations/Q00Q000705.?&dp=PWC.GENERALINFO.TITLE:Opening+the+Loop;

and http://www.telecomdirect.pwcglobal.com/telecom/direct:TTH/Telecom Management/Policy And Analysis/PolyAnaArt:telecom/print.jsp:/DocRep/telecom/TelecomManagement/PolicyAnalysis/nnoonoi 1 82.?&dp=PWC.GENERALINFO.TITLE:US+Telecom+Industry+Reacts+to+Passage+of+Tauzin%2DDingell+Bill+in+House

discussion and mailing lists (IRMC Critical Information Systems
Technologies Course).


Politics  is  far  more  complicated  than  physics.  (Albert  Einstein,  Leo  Rosten's  Carnival  of 
Wit,  E.  P.  Dutton  &  Co.,  New  York,  1994,  p.  383.) 

Telecommuting

The  process  whereby  employees  work  from  afar  via  computers,  faxes,  and  video 
teleconferencing  rather  than  physically  at  their  places  of  employment.  The  government, 
for  instance,  has  instituted  programs  in  the  Washington,  DC,  area  for  employees  to 
telecommute  one  or  two  days  per  week  to  reduce  traffic  congestion  on  the  highways. 
Telecommuting can be performed at regional sites (with shorter commutes for some
workers) per the government's program or from home per some industry programs.
Employees  and  contractors  who  perform  routine  work  outside  the  traditional  office 
setting,  generally  in  fixed,  structured  locations  such  as  satellite  office  suites,  customer  or 
partner  premises,  or  employee  homes.  It  can  be  part  time  (certain  days  per  week),  full 
time  (whole  week  except  for  meetings  held  at  the  office  in  person),  day-extender  (works 
at  office,  but  logs  in  from  home  after  hours),  or  road  warrior  (works  on  the  road  at 
varying  locations — such  as  traveling  salespersons,  couriers,  and  insurance  claims 
adjusters)  (IRMC  Assuring  the  Information  Infrastructure  Course). 

The  brain  is  a  wonderful  organ.  It  starts  working  the  moment  you  get  up  in  the  morning 
and  does  not  stop  until  you  get  to  the  office.  (Robert  Frost,  quoted  by  Dave  Hemsath,  301 
Ways  to  Have  Fun  at  Work,  Berritt-Koehler  Publications,  San  Francisco,  1997,  p.  6.) 


Telephony 

The technology associated with the electronic transmission of voice, fax, or other
information between distant parties using systems historically associated with the
telephone. With the arrival of computers and the transmittal of digital information over
telephone systems and the use of radio to transmit telephone signals, the distinction
between telephony and telecommunication has become difficult to make (Glossary of IM/IT &
KM Terms).

Bore:  a  person  who  talks  when  you  want  him  to  listen.  (Ambrose  Bierce,  Leo  Rosten's 
Carnival  of  Wit,  E.  P.  Dutton  &  Co.,  New  York,  1994,  p.  13.) 

Test/Retest  Reliability 

A  technique  for  estimating  instrument  reliability  in  which  scores  are  compared  from 
two  separate  administrations  of  the  same  instrument  to  the  same  group  at  different  times 
(IRMC  Measuring  Results  of  Organizational  Performance  Course). 

There  is  only  one  person  with  whom  you  can  profitably  compare  yourself,  and  this 
person  is  your  yesterday  self.  (Jacob  Braude,  New  Treasury  of  Stories  for  Every  Speaking  and 
Writing  Occasion,  Prentice  Hall,  Inc.,  Englewood  Cliffs,  NJ,  June  1961,  p.  354.) 

Thick  (or  Fat)  and  Thin  Clients 

In  client/server  applications,  a  thin-client  (personal  computer,  terminal,  or 
workstation)  has  little  internal  computing  power  or  memory.  Thus,  the  server  (or 
mainframe  computer)  does  the  bulk  of  the  data  processing.  The  computer  industry  is 
divided into two camps: Netscape and Sun Microsystems advocating Java-based thin
clients  running  on  network  computers,  versus  Microsoft  and  Intel  pushing  ever-larger 
applications  running  locally  on  powerful,  thick-client  desktop  computers.  The  present 
situation  is  merely  another  cycle  of  computer  development.  Formerly,  dumb  terminals 
were  serviced  by  large  mainframe  computers  to  create  multi-user  systems.  As  personal 
computers  developed  more  computing  power  and  memory  for  lower  cost,  distributed 
processing  on  powerful  small  units  evolved.  Now  that  telecommunications  has  improved 
and  server  farms  have  been  implemented,  cheaper  thin-client  terminals  have  become 
competitive with thick clients (except for laptops or notebooks dependent upon dial-up
connections). Costs are already being saved by licensing software applications centrally
and  loading  terminals,  as  needed,  from  local  area  network  servers.  It  is  not  a  large  jump 
from  there  to  thin-clients.  Furthermore,  the  advent  of  hand-held  devices  (e.g.,  personal 
digital  assistants)  has  created  a  need  for  smaller  versions  of  popular  applications  that  can 
run,  and  be  adequately  controlled  and  displayed,  on  these  small  devices.  It  is  not 
inconceivable  that  a  sine  wave-like  cycle  may  become  apparent  for  thin  and  thick  client 
implementations  or  architectures. 

Get  your  feet  off  my  desk,  get  out  of  here,  you  stink,  and  we're  not  going  to  buy  your 
product.  (Joe  Keenan,  President  of  Atari,  responding  to  Steve  Jobs'  offer  to  sell  him  rights  to 
the  new  personal  computer  he  and  Steve  Wozniak  had  developed,  1976,  quoted  by 
Christopher  Cerf  and  Victor  Navasky  in  The  Experts  Speak,  Villard,  NY,  1984,  p.  231.) 

Threat  Analysis 

Consists  of:  Threat  identification  (highlight  and  define  threats  to  system),  vulnerability 
analysis  (identify  vulnerabilities  to  the  system  and  estimate  their  potential  for 
exploitation),  correlation  of  vulnerabilities  and  threats  (determine  risk),  and  risk 
assessment  (weigh  events,  relative  impacts,  estimate  likelihood,  rank  acceptability, 
identify  and  evaluate)  (IRMC  Advanced  Software  Acquisition  Management  Course). 

Strong and bitter words indicate a weak cause. (Victor Hugo, quoted by Jacob Braude
in New Treasury of Stories for Every Speaking and Writing Occasion, Prentice Hall Inc.,
Englewood Cliffs, NJ, June 1961, p. 60.)

Threats  to  Acceptance  (of  Evaluation  Results) — see  Rater  (Errors) 

Various  conditions  and  arguments  are  sometimes  used  to  challenge  the  validity  of 
experimental  conclusions.  These  include:  convenience  sampling,  face  validity,  Hawthorne 
effect,  judgment  sampling,  maturation,  pretest  sensitization,  selection  interaction,  and 
statistical  regression.  Factor  analysis  (e.g.,  ANOVA)  can  be  helpful  in  addressing  these 
threats  after  the  fact,  but  good  experimental  design  can  help  preclude  them. 

To err is human, but when the eraser wears out ahead of the pencil, you're overdoing it.
(J. Jenkins, quoted by Lawrence J. Peter in The Peter Prescription, William Morrow, New
York, 1972, p. 9.)

Thurstone  Scale 

A  scale  composed  of  a  series  of  statements  having  a  different  degree  of  attitudinal 
intensity  as  indicated  by  unseen  intensity  weights.  Respondents  endorse  those  statements 
with  which  they  agree  (IRMC  Measuring  Results  of  Organizational  Performance  Course). 

In  heaven  an  angel  is  nobody  in  particular.  (George  Bernard  Shaw,  in  3,500  Good  Quotes 
for  Speakers,  Gerald  F.  Lieberman,  Ed.,  Doubleday,  Garden  City,  NY,  1983,  p.  220.) 

Time  Dependency 

A form of rater error in which raters give a subject a rating on the basis of either their
first impression (not what came afterward) or on their most recent accomplishment (not
what they did before) (IRMC Measuring Results of Organizational Performance Course).
This is an unfair rating system that places weights inappropriately and nonstatistically.

The most important time to help someone is when they need it. (Dave Marinaccio, All I
Really Need to Know I Learned from Watching Star Trek, Crown Publishing, New York, 1994, p.
8.)

Time  Horizon — see  Activation  Theory  and  Helicopter  Principle 

The  longest  interval  that  a  particular  person  has  or  can  have  from  the  start  to  the  finish 
of  a  project.  It  is  closely  connected  to  one's  level  of  abstraction.  Elliot  Jaques  asserts  that  it 
is  a  natural  ability  of  talent  inherent  in  individuals,  but  that  the  demonstrated  level 
increases  predictably  with  chronological  age.  This  is  a  similar  relationship  that  the 
intelligence  quotient  (IQ)  has  to  mental  and  chronological  age.  Further,  Jaques  states  that 
one's  presently  demonstrated  time  horizon  should  correlate  with  one's  hierarchical 
position  within  the  enterprise.  It  thus  correlates  well  with  systems  thinking.  This  position 
complements Jim Collins' emphasis upon placing the right people in the right jobs.

At  any  particular  point  in  people's  careers  there  is  a  maximum  time-span  at  which  any 
given  person  can  work.  If  people  are  employed  at  levels  of  work  below  that  maximum  time- 
span  they  feel  their  capabilities  are  being  underutilized,  and  they  experience  boredom  and 
frustration.  If  people  are  employed  at  levels  of  work  above  that  maximum  time-span,  they 
become  disorganized  and  anxious  and  are  unable  to  cope.  If  people  are  fortunate  enough  to 
be  employed  at  levels  of  work  that  coincide  with  the  maximum  time-spans  which  they  are 
capable  of  achieving,  then  they  feel  comfortably  employed,  and  so  long  as  their  work  is  of 
interest  and  they  have  the  appropriate  knowledge,  skill,  and  temperament,  they  will  derive 
satisfaction  from  that  work.  It  is  this  maximum  time-span  at  which  a  person  is  able  to  work 
at  a  given  point  in  time  that  I  referred  to  above  as  that  person's  time-horizon.  This  time 
frame  gives  a  measure  of  a  person's  cognitive  power  and  ability  to  handle  conceptual 
complexity  at  that  time.  The  temporal-horizon  sets  the  limits  of  the  world  of  purpose  and 
intention  which  people  can  construct  and  pattern,  and  within  which  they  live  and  organize 
their  active  lives  and  aspirations.  (Elliott  Jaques,  Creativity  and  Work,  International 
Universities  Press  Inc.,  Madison,  CT,  1990,  pp.  102-103.) 

To  be  required  to  work  below  one's  time-horizon  is  frustrating,  de-motivating,  soul- 
destroying  . . .  The  longer  the  time-horizon  of  the  student,  the  longer  there  should  be  the 
opportunity to continue with "purely academic" study. (Ibid., p. 122.)

...  the  unexpected  finding  that  people  at  the  same  time-span  felt  entitled  to  by  and 
large  the  same  pay;  the  longer  the  time-span  the  higher  the  payment  to  which  they  feel 
entitled. (Ibid., p. 252.)

Reward  for  performance  and  promote  on  ability  ...  promotion  should  depend  on 
people’s  ability  to  do  the  job  to  which  they're  being  promoted,  and  it  has  little  to  do  with 
their  performance  in  the  job  they  have  now.  Have  a  results  review  and  a 
development/performance  review  separately.  Promotion  is  not  a  reward.  Rewards  can  be 
split between individual and team (e.g., 50 percent each) or all go to team. (Michael
Hammer and James Champy, Reengineering the Corporation, Harper Business, New York,
1993, pp. 186-189.)

Tolerable Error — see Statistical Significance

The  largest  amount  of  error  in  the  average  score  of  a  sample  of  cases  that  would  be 
acceptable  for  an  evaluation  (IRMC  Measuring  Results  of  Organizational  Performance 
Course). 


Those who throughout life make no mistakes almost certainly make nothing else. (Chris
R. Warnken, "It's Hard to Say," Rosicrucian Digest, 1975, Vol. LIII, No. 9, p. 15.)

Total  Cost  of  Ownership  (TCO)  or  Total  Ownership  Cost  (TOC) 

TCO  or  TOC  are  the  current  terms  for  life-cycle  cost  (LCC).  For  example,  in 
acquisition,  the  program  management  office  has,  in  the  past,  prepared  a  program 
manager's  life-cycle  cost  estimate  (PMLCCE).  In  addition,  a  central  specialty  body 
(differing  upon  the  size  of  the  program)  prepared  an  independent  estimate  (formerly 
called  an  independent  cost  estimate  or  ICE).  The  thrust  of  these  efforts  is  to  provide  a 
costing  for  an  entire  program  over  its  complete  life.  This  estimate  includes:  research  and 
development,  procurement,  maintenance,  disposal,  and  any  other  relevant  costs.  Of 
course, costs must be adjusted by escalation factors so that the TOC can be quoted in real dollars
(generally  charts  for  both  present  year  and  then  year  dollars  are  provided).  TOC  provides 
a  better  basis  of  comparison  for  Department  of  Defense  investment  in  new  systems, 
equipment,  etc.  Costs  can  be  compared  in  terms  of  present  values.  Use  of  TOC  is  valuable 
to  IT  capital  planning  and  investment,  a  federal  chief  information  officer  competency. 

See http://www.pmcop.dau.mil/, Program Managers CoP site and
Naval Sea Systems Command site http://www.navsea.navy.mil/sea017/
https://skc.spawar.navy.mil/skctoday.nsf/skctoday?readform.

"If  you  want  truth,"  Nasrudin  told  a  group  of  Seekers  who  had  come  to  hear  his 
teachings,  "you  will  have  to  pay  for  it."  "But  why  should  we  have  to  pay  for  something  like 
truth?"  asked  one  of  the  company.  "Have  you  not  noticed,"  said  Nasrudin,  "that  it  is  the 
scarcity  of  a  thing  which  determines  its  value?"  (Idries  Shah,  The  Pleasantries  of  the  Incredible 
Mulla  Nasrudin,  Octagon  Press,  London,  1968,  p.  68.) 

Transmission  Control  Protocol  (TCP) 

The  protocol  that  provides  application  programs  with  access  to  a  connection-oriented 
communication service. TCP offers reliable, flow-controlled delivery. More important,
TCP accommodates changing conditions in the Internet by adapting its retransmission
scheme (Glossary of IM/IT & KM Terms). TCP is frequently paired with Internet protocol
(IP) to create TCP/IP, the basic support to Internet/e-mail use.


TCP/IP Layers (a)

TCP/IP Layer    Description
------------    -----------
Application     When a user initiates data transfer, this layer passes the request to the transport layer.
Transport       This layer attaches a header and passes the data to the network layer.
Network         Source and destination IP addresses are added for routing purposes.
Data link       Performs error checking over flow of data between the previous layers and physical layer.
Physical        Moves data into or out of physical media (e.g., Ethernet, PPP, coax, etc.).

a. From IRMC Assuring the Information Infrastructure Course.

[When asked the time] You mean now? (Yogi Berra, The Yogi Book, Workman
Publications, New York, 1998, p. 33.)

Trojan  Horse 

A  program  performing  services  beyond  those  stated  in  its  specifications,  which  may 
contain  functions  that  allow  unauthorized  collection,  falsification,  or  destruction  of  data. 
They  can  be  found  in  any  type  of  file  that  can  be  downloaded  by  users,  but  they  are 
typically  found  in  freeware  such  as  games,  MP3  songs,  screensavers,  etc.  They  are  usually 
downloaded  via  HTTP  or  FTP  (via  the  Internet).  Hackers  often  employ  Trojan  horses  to 
grab  passwords. 

It  has  been  said  that  public  speakers  fall  into  three  categories:  those  who  lay  each  page 
of  their  speech  on  the  table  in  front  of  them  as  they  finish,  so  the  audience  can  see  how 
much  is  left;  those  who  confuse  the  audience  by  putting  a  completed  sheet  under  the  others 
they  are  holding;  and  worst  of  all,  those  who  appear  to  be  playing  honest  by  placing  the 
sheets  in  front  of  them,  then  horrify  the  audience  by  picking  up  the  whole  batch  and 
beginning to read from the other side. (Jacob Braude, New Treasury of Stories for Every
Speaking  and  Writing  Occasion,  Prentice  Hall  Inc.,  Englewood  Cliffs,  NJ,  June  1961,  p.'s.) 

Trusted  Computing  System  Evaluation  Criteria  (TCSEC)— see  Orange  Book 

We can lick gravity, but sometimes the paperwork is overwhelming. (Wernher von
Braun,  Leo  Rosten's  Carnival  of  Wit,  E.  P.  Dutton  &  Co.,  New  York,  1994,  p.  438.) 

t Test

A  statistical  technique  that  can  determine  whether  one  group  of  numerical  scores  is 
statistically  higher  or  lower  than  another  group  of  scores  (IRMC  Measuring  Results  of 
Organizational  Performance  Course). 

Aristotle maintained that women have fewer teeth than men, although he was twice
married, it never occurred to him to verify this statement by examining his wives' mouths.
He said also that children would be healthier if conceived when the wind is in the north.
One gathers that the two Mrs. Aristotles both had to run out and look at the weathercock
every evening before going to bed. (Bertrand Russell, Leo Rosten's Carnival of Wit, E. P.
Dutton & Co., New York, 1994, p. 341.)

Tunneling 

Use  of  launching  applications  by  ordinary  users  to  circumvent  firewall  protocols  by 
disguising  incoming  and  outgoing  traffic  as  hypertext  transfer  protocol.  With  tunneling, 
users can access Napster and Gnutella, retrieve e-mail from Hotmail accounts, and
download  prohibited  materials  from  restricted  Web  sites.  It  also  creates  an  opening  for 
malware  to  enter  the  network. 

The Ostrich Syndrome: Stick your head in the sand and maybe it will go away.

Unified Modeling Language (UML) — see IDEF1X

A  language  for  specifying,  constructing,  visualizing,  and  documenting  the  artifacts  of 
a  software-intensive  system.  In  an  elaborative  approach,  developers  create  models,  add 
details, and evolve the model into the actual system. See http://www.omg.org (IRMC
Advanced  Information  System  Acquisition  Course). 

If  someone  uses  a  finger  to  point  out  the  moon  to  another  person,  if  that  person  takes 
the  finger  to  be  the  moon,  he  will  not  only  fail  to  see  the  moon,  but  he  will  also  fail  to  see  the 
finger.  (Buddha,  The  Surangama  Sutra,  Taisho  945.) 

Uniform  Computer  Information  Transactions  Act  (UCITA) 

Recognizes software as licensed (rather than sold) to consumers and protects the
licensors. Recognizes "clickwrap" agreements; establishes uniform law respecting
electronic  signatures  and  authentication;  recognizes  action  of  electronic  agents  (IRMC 
Advanced  Information  System  Acquisition  Course). 

There is, however, a limit at which forbearance ceases to be a virtue. (Edmund Burke,
1727-97, Observations on a Publication, "The Present State of the Nation," 1769, from The
Oxford Dictionary of Quotations, Oxford University Press, New York, 1980, p. 108, No. 13.)

Uniform  Resource  Locator  (URL) 

URL is the title of Internet addresses. Formerly they began with http:// then
http://www to indicate the World Wide Web was being addressed as opposed to
gophers  or  FTP.  Browsers  will  now  usually  add  the  http  prefix  automatically  and  some 
Web  addresses  do  not  include  the  www  designation.  URLs  have  a  relatively  fixed  format 
using  slashes  to  delineate  sub-sites  and  periods  to  differentiate  the  type  of  object  (e.g., 
html).  Browsers  also  provide  storage  for  favorite  or  much-used  URL  addresses.  Many 
applications  (e.g.  MS  Word  and  Excel)  allow  the  user  to  click  on  a  hyperlink  (which  has  a 
URL  that  is  underlined  and  in  color,  usually  blue  or  red)  to  access  its  site.  Alternately,  the 
user  can  copy  the  URL  to  the  clipboard  and  paste  it  into  a  browser.  Care  must  be  taken  to 
avoid  copying  (e.g.  leaving  out  the  first  or  last  letter)  or  pasting  errors  (including  a 
grammatical  mark  such  as  a  parenthesis).  Either  error  will  usually  generate  an  error 
message  in  the  browser. 

The  development  of  general  ability  for  independent  thinking  and  judgment  should 
always  be  placed  foremost,  not  the  acquisition  of  special  knowledge.  (Albert  Einstein,  Leo 
Rosten's Carnival of Wit, E. P. Dutton & Co., New York, 1994, p. 483.)

Uninterruptible  Power  Supply  (UPS) 

A  power  back-up  system  (usually  relying  on  batteries)  to  prevent  a  system  from 
crashing  due  to  a  power  outage.  UPSs  are  often  included  in  continuity  of  operations  plans 
and other system continuity or disaster recovery efforts.

It can be predicted with all security that in fifty years light will cost one fiftieth of its
present price, and in all the big cities there will be no such thing as night. (J. B. S. Haldane,
British scientist and author, quoted by André Maurois in Le Figaro, February 3, 1927, as
quoted by Christopher Cerf and Victor Navasky in The Experts Speak, Villard, NY, 1984, p.
232.)

Something  I  learned  long  ago.  It  is  not  necessary  to  know  what  a  person  is  afraid  of.  It  is 
enough to know the person is afraid. (Lawrence Block, The Sins of the Fathers, Dark Harvest,
Arlington  Heights,  IL,  1976,  p.  84.) 

Unit  of  Analysis 

The  cases  for  which  data  is  collected,  recorded,  analyzed,  and  reported.  The  horizontal 
rows  in  a  database  (IRMC  Measuring  Results  of  Organizational  Performance  Course). 

Measurement  inevitably  means  evaluating  things  by  the  standards  of  the  past ...  we 
cannot  measure  tomorrow  when  we  don't  know  what  it  will  involve.  (Stephen  Denning,  The 
Springboard,  Butterworth-Heinemann,  Boston,  2001,  pp.  189-190.) 

Urban  Legends — see  Hoaxes  and  Myths 

Stories  which  constitute  modern  folklore  and  are  frequently  transmitted  over  the 
Internet,  generally  by  e-mail.  Some  relay  wisdom  and  would  qualify  as  teaching  stories, 
others are strange, humorous, or just plain scary. Jan Harold Brunvand has written several
books on them (e.g., Curses! Broiled Again! The Hottest Urban Legends Going, W. W. Norton
& Co., NY, 1989) and refers to them as folklore or "Xeroxlore" (page 11). Most of them are
completely imaginary, but some are based on or inspired by actual incidents or scenes in
movies,  television,  etc.  Often  they  refer  to  "a  friend  of  a  friend"  or  FOAF  (see  pp.  102  and 
175).  Typical  examples  include  the  "Little  Buddy"  type  stories  in  which  a  child  is  said  to 
be  suffering  from  an  incurable  disease  and  wishes  to  receive  post  cards  or  e-mails  from  a 
lot  of  people  (pp.  227-39).  Sometimes  small  post  offices  can  be  overwhelmed  with 
responses  to  these  stories. 

When  received  by  e-mail  they  may  be  signed  with  the  smile  or  two  smile  signs  if  the 
sender is not asserting their veracity (i.e., thinks it is a joke or story versus a legend which
is asserted by the speaker or sender as true): a colon followed by a dash and then a close
parenthesis. Indeed, Microsoft Word's autocorrect will translate this symbol into a smiley
face automatically! (see p. 232 of Curses! Broiled Again! and p. 2 of Brunvand's The
Vanishing Hitchhiker—American Urban Legends and Their Meanings, W. W. Norton, NY,
1981). Identification of them as urban legends is complicated by the process of
polygenesis in which the retellers independently invent details which add apparent
verisimilitude to the stories (The Vanishing Hitchhiker, page 33) as well as the development
of regional "oikotypes" or versions (The Vanishing Hitchhiker, page 37), and communal
re-creation which includes normal storyteller modifications (p. 193). Such legends are also
referred to as Xeroxlore (pp. 2 and 427) because people frequently Xerox copies to give
to friends and co-workers.

Professor  Brunvand  solicits  your  urban  legends.  You  can  submit  them  directly  to  him: 
Professor  Jan  Harold  Brunvand,  Department  of  English,  University  of  Utah,  Salt  Lake 
City, UT, 84112.

He has also published:

The  Choking  Doberman  and  Other  "New"  Urban  Legends,  W.  W.  Norton,  NY,  1984. 

The  Mexican  Pet— More  "New"  Urban  Legends  and  Some  Old  Favorites,  W.  W.  Norton, 
NY,  1986. 

Too Good To Be True— The Colossal Book of Urban Legends, W. W. Norton, NY, 1999, and
others.

There  are  also  books  by  other  writers  such  as: 

Dale, Rodney, 1933-, It's True, It Happened To A Friend: a collection of urban legends,
London: Duckworth, 1984, as well as many other authors and books. You can search the
Library of Congress Web site for Urban Legends to obtain an extensive list.
http://catalog.loc.gov.

There has also been at least one motion picture: Urban legend / a Neal H. Moritz/Gina
Matthews production; Phoenix Pictures; directed by Jamie Blanks; produced by Neal H.
Moritz, Gina Matthews, Michael McDonnell; screenplay, Silvio Horta. United States:
TriStar Pictures, 1998.

And, a: Conference on Contemporary Legend (1982: University of Sheffield)
Perspectives on contemporary legend: proceedings of the Conference on Contemporary
Legend, Sheffield, July 1982 / edited by Paul Smith. Sheffield [South Yorkshire]: Centre for
English Cultural Tradition and Language, University of Sheffield, 1984.

There are also several Web sites such as:

http://www.urbanlegends.com/

http://www.delta-9.com/net47/myth/

http://www.snopes2.com/spoons/spoons.htm

http://www.ulrc.com.au/

(see  hoaxes  above  for  more). 

6. (Mar's Law): Everything is linear if plotted log-log with a fat magic marker. (David
Akin, professor at the University of Maryland, "Akin's Laws of Spacecraft Design." Dr. Akin:
dakin@umd.edu or DAKIN@SSL.UMD.EDU. See
http://spacecraft.ssl.umd.edu/academics/akins_laws.html.)

Usenet 

Usenet groups are more commonly known as "newsgroups." There are thousands of
groups hosted on hundreds of servers around the world, dealing with various topics.
Newsreader software is required to properly download and view "articles" in the groups,
but you can usually "post" an article to a group simply by e-mailing it (Glossary of IM/IT &
KM Terms).

News and current events: http://www.dtic.mil/dtic/digest/digest2001-3/

Search Usenet database: http://usenet-addresses.mit.edu/
Usenet FAQs: http://www.faqs.org/faqs/
Infocenter Launch Pad: http://www.ibiblio.org/usenet-i/

Usenet history: http://www.vrx.net/usenet/history/.

News is the process of making not very much out of practically nothing. (John D.
MacDonald, One More Sunday, Knopf, New York, 1984, p. 202.)

Utility  Theory — see  Asymmetrical  Dominance  and  Decision  Theory 

A modification to the standard Laplace approach to decision theory that compensates
for  asymmetric  dominance — which  causes  people  to  value  outcomes  differently  based 
upon  the  context  (personal  value,  risk,  etc.)  versus  the  monetary  value  (expected  value). 
Utility  theory  replaces  numerical  values  (dollars)  with  the  "utility"  of  particular  outcomes 
to  the  decision  makers. 


Perhaps  more  than  anything  else,  knowers  do  not  evaluate  items  of  knowledge 
independently,  but  as  part  of  an  overall  context.  Paying  attention  to  the  contextual 
properties  of  data  in  order  to  make  sense  of  the  world  takes  place  not  only  at  the  basic 
sensory  or  perceptual  levels  (e.g.,  news  that  the  temperature  is  30  degrees  in  January  has 
different  meaning  and  would  be  valued  differently  depending  on  whether  we  are  talking 
about  San  Diego  or  Minneapolis),  but  also  with  respect  to  higher-level  cognitive  activities. 

For  example,  an  important  piece  of  knowledge  with  significant  marketing  implications  for 
the  firm  is  the  "utility"  a  consumer  has  for  one  product  when  compared  with  another.  In 
expressing  preference  between  two  items,  A  and  B,  the  overall  set  in  which  A  and  B  are 
embedded (e.g., the presence of a third object C) may influence the relative rankings that an
individual gives to A versus B. (Rashi Glazer, "Measuring the Knower: Towards a Theory
of Knowledge Equity," California Management Review, Berkeley, CA, Spring 1998, Vol. 40,
Issue 3, pp. 175-194.)

Similarly,  the  maximin  and  minimax  techniques  either  attempt  to  maximize  the  gain 
or minimize the loss, thus placing greater value or lesser value on the strict Laplace
expected  values: 

An  important  and  frequently  encountered  type  of  context  that  knowers  rely  on  is  the 
way  a  particular  situation  is  framed  or  a  problem  represented.  As  is  true  with  context  in 
general,  framing  considerations  operate  at  the  basic  sensory  or  perceptual  levels,  but  the 
more  interesting  cases  involve  higher  order  cognitive  activities.  Staying  within  the  realm  of 
preference  judgments,  for  example,  it  has  been  shown  that  the  negative  properties  of  stimuli 
tend  to  be  weighted  more  heavily  than  the  positive  ones.  Consequently,  whether  a  problem 
is  framed  in  terms  of  gains  or  losses  often  has  a  dramatic  effect  on  the  interpretation  or 
meaning  given.  Thus,  if  asked  to  decide  between  two  "positive  gambles"— A,  where  there  is 
a  50  percent  chance  of  winning  $1,000  (and  50  percent  of  winning  nothing)  or  B,  winning 
$500 for certain, a typical respondent will choose B. On the other hand, if asked to decide
between  two  "negative  gambles"— C,  where  there  is  a  50  percent  chance  of  losing  $1,000 
(and  50  percent  of  losing  nothing)  and  D,  of  losing  $500  for  certain — the  same  respondent 
will  choose  C.  Indeed,  the  pattern  of  results  holds  even  when,  for  the  "positive  gambles," 
the  decision  maker  is  given  an  endowment  of  $1,000  to  start  and,  for  the  "negative 
gambles,"  an  initial  endowment  of  $2,000 — in  which  case,  all  four  options  are  formally 
identical  (leaving  the  individual  with  the  same  expected  value  of  wealth  of  $1,500). 

Nevertheless,  despite  the  formal  equivalence  among  the  problems,  knowers  evaluate  the 
two  situations  quite  differently.  (Rashi  Glazer,  "Measuring  the  Knower:  Towards  a  Theory 
of Knowledge Equity," California Management Review, Berkeley, CA, Spring 1998, Vol. 40,
Issue 3, pp. 175-194.)

Validation

1)  Process  of  applying  specialized  security  test  and  evaluation  procedures,  tools,  and 
equipment  needed  to  establish  acceptance  for  joint  usage  of  an  information  system  by  one 
or more departments or agencies and their contractors (Glossary of IM/IT & KM Terms).

2)  The  process  of  determining  if  a  proposed  conclusion  is  appropriate  to  the  means 
used  to  reach  that  conclusion.  Validation  does  not  determine  if  the  conclusion  is  correct  or 
not.  Rather,  the  process  of  validation  determines  if  the  assumptions  (implicit  or  explicit) 
are appropriate; the activities, data collection procedures, and techniques used were
legitimate  and  properly  orchestrated  (e.g.,  experiments  were  double  blind  and  results 
were  statistically  significant);  and  the  conclusions  follow  logically  from  the  results  of  the 
investigation  or  research.  Validation  implies  reliability  but  reliability  does  not  imply 
validation.  Reliability  is  necessary,  but  not  sufficient,  for  validation. 

Ignorance  defends  itself  savagely.  (Ursula  K.  LeGuin,  Four  Ways  to  Forgiveness,  Harper 
Prism,  New  York,  1995,  p.  197.) 

Validity — cf.  Concurrent,  Content-Oriented,  Criterion-Referenced,  Face,  Predictive 
Validity,  Sampling  Validity 

The  characteristic  of  a  measurement  instrument  that  shows  the  degree  to  which  it 
measures  the  specific  factor  it  intends  to  measure  (IRMC  Measuring  Results  of 
Organizational  Performance  Course).  It  must  be  reliable  to  be  valid.  In  a  generic  sense, 
validity  does  not  prove  truth,  but  only  the  acceptability  of  the  methods  used  to  reach  a 
specific  conclusion.  It  also  depends  upon  the  assumptions  (and  other  tacit  or  implicit 
factors)  used  or  held  by  the  experimenters. 

They simply refused to be confused by the facts. (Sydney Omar, My World of Astrology,
Fleet Publishing, 1965, p. 48.)

Value-Added  Network  (VAN) 

A  network  using  the  communication  services  of  other  commercial  carriers,  using 
hardware  and  software  that  permit  enhanced  telecommunications  services  to  be  offered. 
Historically,  organizations  using  electronic  data  interchange  (EDI)  typically  relied  on 
specialized  firms  called  VANs  for  technical  assistance.  Organizations  now  look  to  their 
VANs for assistance in using the Internet. VANs provide technical support, help desk, and
troubleshooting for EDI and telecommunications problems. They assist in configuration
of software, upgrades to telecommunications connectivity, data and computer security,
auditing and tracing of transactions, recovery of lost data, and service reliability and
availability (Glossary of IM/IT & KM Terms).

Indeed,  there  is  a  real  danger  that  KM  will  become  discredited  if  it  proceeds  in 
ignorance  of  these  large  extant  literatures,  thereby  creating  unnecessary  intellectual  clutter 
and confusion. (David J. Teece, "Research Directions for Knowledge Management,"
California Management Review, Berkeley, CA, Spring 1998, Vol. 40, Issue 3, pp. 289-292.)

Vampire Tap

A  vampire  tap  is  a  connection  to  a  coaxial  cable  in  which  a  hole  is  drilled  through  the 
outer  shield  of  the  cable  so  that  a  clamp  can  be  connected  to  the  inner  conductor  of  the 
cable.  A  vampire  tap  is  used  to  connect  each  device  to  thinnet  coaxial  cable  in  the  bus 
topology of an Ethernet 10 base-t local area network (Glossary of IM/IT & KM Terms).


Once upon a midnight dreary,
while I pondered weak and weary,
Over many a quaint and curious volume
of forgotten lore.
While I nodded, nearly napping,
suddenly there came a tapping,
As of someone gently rapping,
rapping at my chamber door.

(Edgar Allan Poe, 1809-1849, The Raven, 1845, from The Oxford Dictionary of Quotations,
Oxford University Press, New York, 1980, p. 375, No. 4.)

Verication  (to  Vericate) 

To  test  the  reasonableness  by  consulting  a  trusted  ally;  to  determine  the 
reasonableness or soundness, validation of information grounded by the implicit (Glossary
of IM/IT & KM Terms). Mavens are optimal sources of verication that is based upon the
epistemology  of  authority.  However,  there  is  a  tendency  for  humans  to  be  affected  by  the 
halo  effect,  in  which  a  general  view  of  another  person's  expertise  is  created  when,  in  truth, 
that  person  is  only  knowledgeable  in  specific  areas  of  knowledge  (domains).  A  maven  is 
not  a  Renaissance  man  knowledgeable  about  everything.  Thus,  verication  is  a  risky 
technique  unless  carefully  employed.  Nevertheless,  it  is  a  very  natural  and  quick  one.  If 
one  considers  the  possible  consequences  of  an  incorrect  answer  sufficiently,  verication  can 
be  cost-effective. 

I am a democrat, but the idea that a gang of anybodies may override the opinion of one
expert  is  preposterous  nonsense.  Only  individuals  think;  gangs  merely  throb.  (Robertson 
Davies,  The  Papers  of  Samuel  Marchbanks,  from  The  Diary  of  Samuel  Marchbanks,  Irwin 
Publishing,  Toronto,  1985,  p.  29.) 

Video  Privacy  Protection  Act  (VPPA),  18  U.S.C.  §  2710 

This  act  prohibits  videotape  sale  or  rental  companies  from  disclosing  data  about 
customers  without  consent  or  court  order;  it  has  civil  penalties  (IRMC  Assuring  the 
Information  Infrastructure  Course). 

All the things I really like to do are either immoral, illegal, or fattening. (Alexander
Woolcott, Leo Rosten's Carnival of Wit, E. P. Dutton & Co., New York, 1994, p. 96.)

Video  Teleconferencing  (VTC) 

VTC  uses  normal  telephone  lines  to  provide  video  (closed-circuit  television)  as  well  as 
audio  (sound)  and  sometimes  digital  data  also  (thus  full  WD  can  be  made  available).  A 
single  phone  line  provides  64  kbps,  which  is  insufficient  for  VTC;  a  minimum  of  two  lines 
are used to provide 128 kbps. Additional video quality is available by adding bandwidth
(more  simultaneous  phone  lines),  but  quality  depends  on  the  lowest  bandwidth  user  in  a 
VTC  connection.  Proprietary  software  packages  can  improve  quality  without  expanding 
bandwidth,  but  the  users  in  a  connection  must  have  the  same  software  package.  If  not,  the 
standard package provides lesser picture quality. A single-point connection is created
between  two  users.  For  a  conference  at  more  than  two  locations,  a  bridge  unit  is  needed  to 
create  a  multipoint  conference.  Normally,  each  user  sees  only  one  other  user,  but  some 
specialized  software  can  be  used  to  create  a  split  screen  image  (up  to  four  other  users  can 
then  be  simultaneously  viewed  on  one  screen). 

With  proper  equipment  and  software,  users  can  simultaneously  manipulate  a  shared 
file  on  computers  attached  to  their  VTCs.  Use  of  VTC  can  reduce  travel  costs  and  risks, 
and  save  travel  time.  However,  while  a  VTC  is  greatly  superior  to  a  telephone  conference 
(one  can  view  some  expressions  and  hand  movements,  etc.),  it  is  definitely  inferior  to  a 
physical  conference — as  demonstrated  in  the  NASA  Challenger  incident  during  which  a 
conference  failed  to  convey  to  attendees  the  full  impact  of  the  situation  reputedly  due  to  a 
lack  of  non-verbal  communications  cues.  Full  nonverbal  and  tonal  clues  are  not  available 
in  a  VTC.  Thus,  VTCs  are  very  useful  to  replace  travel  between  known  persons  (who 
might  reduce  travel  from  monthly  to  semi-annually,  for  instance),  in  order  to  reduce 
costs,  while  still  maintaining  personal  contact.  VTCs  cannot  provide  the  psychological 
and informal benefits, for instance, of shared meals and nonwork time spent together.
This is especially important for international programs.


Men trust their ears less than their eyes. (Herodotus, Book I, Chapter 8, c. 485-425 B.C.,
from Familiar Quotations by John Bartlett, Little, Brown & Co., Boston, 1968, p. 86b.)


Virtual  Collaboration 

Two  or  more  people  working  together  (usually  simultaneously,  in  real-time)  at 
different  physical  locations.  Application  tools  can  enable  a  group  of  people  to  collaborate 
in  real-time  over  the  network  using  shared  screens,  shared  whiteboards,  and  video 
conferencing.  Collaboration  can  range  from  two  people  reviewing  a  slide  set  online  to  a 
conference  of  doctors  at  different  locations  sharing  patient  files  and  discussing  treatment 
options. The Navy medical community, for instance, saved considerable travel funds as
well as a great deal of stress on patients by creating a video teleconferencing link between
their hospital in Hawaii and remote island facilities. Corpsmen on these small facilities
could consult with specialists in the Pacific Fleet in real time, with the patient present
on-site, but viewable in Hawaii. Virtual reality techniques can also be used to operate at a
distance — actual physical collaboration via telemetry. Virtual collaboration is a major
technique used by knowledge net workers. See http://www.involv.net for Web teams
(IRMC Critical Information Systems Technologies Course).

http://www.azla.org/2001/p026.html

http://www.fullcirc.com/community/vircollab.htm

http://www-fp.mcs.anl.gov/fl/accessgrid/tutorial-dec99-presentations/d is^tutorial-dec99/sld010.htm

http://pigtrail.uark.edu/news/1999/OCT99/smalkhtml.




Nothing  is  more  destructive  to  inquiry  and  the  knowledge  inquiry  brings  than  to  carry 
about  with  one  a  standard  way  of  how  everything  should  be  done  ...  there  is  no  foreign 
custom,  however  absurd  it  may  seem  to  us,  that  cannot  be  paralleled  by  a  custom  of  our 
own. (Lord Dunsany, "Seeing the World," The Ghosts of the Heaviside Layer, Owlswick Press,
Philadelphia, PA, 1980, p. 220.)

Virtual  Integration 

The  process  of  incorporating  extant  legacy  systems  into  a  new,  overarching  system 
without  physically  merging  the  original  systems  or  databases.  In  reality,  the  preexisting 
systems  are  made  interoperable  using  middleware  and  input/output  modifications 
(interfacing  changes).  However,  the  user  interface  is  created  so  as  to  make  system 
connections  invisible  to  the  user.  Thus,  it  looks  to  the  user  like  an  integrated  system, 
though  it  actually  is  not.  In  fact,  the  legacy  applications  are  often  hosted  at  far-flung 
locations and connected through the Internet or an intranet. Similar to software overlays,
required programs, data, and information are often downloaded to the user interface as
needed.


I swear, if jumping weren't allowed she'd never get to a conclusion. (Lawrence Block,
The Burglar Who Liked to Quote Kipling, Dutton, NY, 1996, p. 180.)

Virtual  Private  Network  (VPN) 

A linkage and technique for improved security between remote sites. It's especially
useful for mobile and telecommuter users. A remote user accesses the Internet service
provider (ISP) via dial-up (via local number or long distance toll-free number
[800 or 888 area code]), digital subscriber line, integrated services digital network, mobile
Internet protocol, [no, regular internet service provider is insufficient] cable, etc. The
organization connects to the same ISP. The ISP provides the secure linkage (VPN)
connecting the two. (See Cisco VPN services site:
http://www.cisco.com/warp/public/cc/so/neso/vpn/vpne/
http://www.cisco.com/warp/public/7.12/Tech/unified vpn/.)

For remote-access VPN: When the service is client-initiated, security is provided via an
encrypted tunnel using IPSec, Layer Two Tunneling Protocol (L2TP), or Point-to-Point
Tunneling Protocol (PPTP). Client software is required. When the service is
server-initiated, security is provided by a secure tunnel from the organization through the single
ISP via L2TP or L2F. Clients connect to the ISP without the need for client software and
the Internet is not used. The last mile to the client is not encrypted (from IRMC Managing
Networked Security in a Networked Environment Course).

For  Intranet  access  VPN:  It  links  together  specific  domains  within  an  organization 
(e.g.,  human  resources,  financial,  logistics).  It  is  useful  in  establishing  a  network  for 
controlled,  limited  distribution  information.  While  users  share  the  same  physical 
infrastructure,  they  are  logically  separated  into  VPN  domains. 

For  extranet  access  VPN:  The  need  for  dedicated  circuits  is  replaced  by  extending  an 
intranet-like  service  to  external  organizations.  This  can  help  smaller,  less  resourced 
partners. It can be limited, however, due to varying levels of trust and resulting security
needs.  Competing  partners  must  be  kept  separated,  for  instance. 

Generally,  VPN  does  not  require  modification  of  legacy  applications  (as  does  public 
key  infrastructure),  is  transparent  to  users,  and  can  support  multiple  network  services 
and  protocols.  It  may,  however,  require  client-based  software,  may  exhibit  some  bugs  in 
new  software,  and  may  not  be  interoperable  between  vendors.  Of  particular  importance  is 
the  ISP's  geographic  coverage,  scalability,  quality  of  service,  and  network  performance. 
Also,  some  providers  subcontract  to  expand  coverage  and  quality  can  vary  for  voice, 
video,  and  data. 

There are many systemic dampers on innovation today. Hammer and Champy, for
example, have referred to some of these; they assert that when too many 'yes's are required,
but only one 'no', there is a built-in innovation damper. They also allude to "diseconomies of
scale"  which  occur  due  to  overhead  costs.  Such  situations  indicate  that  there  are  optimal 
sizes  for  organizations.  Situations  are  not,  therefore,  homogeneous.  Tailoring  (e.g.  use  of 
VPNs)  can  be  necessary.  (Michael  Hammer  and  James  Champy,  Reengineering  the 
Corporation,  Harper  Business,  New  York,  1993,  p.  29.) 

Well-informed  people  know  it  is  impossible  to  transmit  the  voice  over  wires  and  that 
were  it  possible  to  do  so,  the  thing  would  be  of  no  practical  value.  (Editorial  in  the  Boston 
Post, 1865, quoted by Christopher Cerf and Victor Navasky in The Experts Speak, Villard,
NY, 1984, p. 227.)

The  human  animal  needs  a  freedom  seldom  mentioned,  freedom  from  intrusions.  He 
needs  a  little  privacy  quite  as  much  as  he  wants  understanding  or  vitamins  or  exercise  or 
praise.  (Phyllis  McGinley,  quoted  by  Herbert  V.  Prochnow  and  Herbert  V.  Prochnow,  Jr.,  in 
The  Toastmaster's  Treasure  Chest,  Harper  &  Row,  NY,  1979,  p.  230.) 

Virtual  Reality  (VR) 

Artificial  worlds  created  on  computers  that  simulate  different  realities.  Many 
computer  games  create  virtual  worlds,  but  VR  enables  the  user  to  step  into  and  interact 
within  the  world.  VR  can  help  teach  doctors  how  to  perform  surgery  or  even  to  actually 
perform  it  at  a  distance.  In  true  VR,  almost  all  the  normal  human  senses  are 
accommodated.  The  old  3-D  movies  were  a  step  toward  VR.  Recent  attempts  to  add 
olfactory inputs are another step. VR today generally addresses sight, sound, and
kinesthetics (feel) and is progressing toward odors. Taste may be next. In the Serbian and
Bosnian arenas, bombing runs were simulated by USAF pilots using PowerScene VR.
http://www.cyberedge.com/; http://www.hitl.washington.edu/scivw/youngblut-pdvr/D2128.pdf;
http://www-vrl.umich.edu/; http://www.hitl.washington.edu/kb/onthenet.html
(IRMC Critical Information Systems Technologies Course). VR
Taxonomy includes: cab simulators (location-based entertainment), projected reality
(mirrorworld and Mandala systems), augmented reality (uses head displays, access to
diagrams, parts, and lists, Boeing prime user), telepresence (projecting your presence to a
different location, operating equipment or robots, medical applications), desktop VR (uses
personal computers), visual coupled displays (most popular, head-mounted devices
(HMDs), head tracking, immersive sensation), and spatially immersive displays (theater
environment, for large groups, most popular is "Cave") (IRMC Advanced Software
Acquisition Management Course).


Examples of Virtual Reality Usage

Functional Area      Application               Function/Payoff
Education            VR Simulator              Train bus drivers
Education            Motorola                  On-site training
Education            National Guard            Tank training
Education            Boston Computer Museum    Cell biology education
Education            Astronaut Space Walk      Astronaut training
Acquisition/design   Electric boat             Mockup of submarine
Acquisition/design   Rolls-Royce               Model of improvements
Acquisition/design   U.S. Army ARDEC           Weapons design
Acquisition/design   Stanford University CIS   3-D circuit design
Acquisition/design   Bechtel Engineering       3-D wind tunnel design
Medical              Eye tour                  Surgical simulation
Medical              Acrophobia                Elimination of fear
Medical              Virtual Human             Surgical and medical training
Medical              Deep Vision               Virtual surgery
Medical              VR Simulator              Patient rehabilitation

http://www.hitl.washington.edu/kb/education.html

Virtual Reality Modeling Language (VRML). Could be used for 3-D help desks, real-time
shopping/eCommerce, could be integrated with hypertext markup language and placed on
the Internet (IRMC Advanced Software Acquisition Management Course).

VR Moon Phase pictures: http://tycho.usno.navy.mil/vphase.html

VR Society: http://www.vrs.org.uk/

VR Games: http://www.worldwideamusements.com/Results.html?rnd=6761&cart=1020794451114238&category=2&startat=1

VR Rentals: http://www.interactiveparty.com/hi-tech.html.

31. (Mo's Law of Evolutionary Development) You can't get to the moon by climbing
successively taller trees. (David Akin, professor at the University of Maryland, "Akin's
Laws of Spacecraft Design." Dr. Akin: dakin@umd.edu or DAKIN@SSL.UMD.EDU. See
http://spacecraft.ssl.umd.edu/academics/akins_laws.html.)

Viruses 

Viruses  are  the  most  well  known  type  of  malicious  code.  They  are  self-replicating, 
infecting  files  on  a  computer.  They  tend  to  be  relatively  slow  moving  (taking  days  or 
weeks  to  infect  a  network  community).  The  successful  spread  of  a  virus  depends  on  how 
long  it  can  go  undetected.  This  can  be  done  through  encryption  or  other  means.  Each 
virus  has  a  unique  signature  (bit  pattern)  that  can  be  used  for  virus  detection.  Antivirus 
programs  search  for  a  large  set  of  these  specific  signatures  in  order  to  detect  and  remove 
viruses— they  are  inherently  reactive  in  nature.  Significant  risks  of  virus  infection  occur 
through use of pirated software, bulletin boards, shareware, shared personal computers,
or free floppy disks. The best defense (in addition to anti-virus software) lies in prudent
network administration and good computer hygiene. Newer multipartite viruses infect
executable files (e.g., .exe and .com) and boot sectors. Companion viruses exploit the
property that operating systems will prefer to execute a .com before an .exe file if both
have the same name. Macro viruses, which automate repetitive keystrokes, can be
embedded in Word or Excel files, for instance. The "Hot" macro virus deletes documents
14  days  after  their  infection.  Macros  may  be  the  greatest  present  threat.  This  type  is 
difficult  to  remove.  Simple  viruses  do  not  attempt  to  hide  themselves;  complex  viruses 
do. 
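
The signature matching and the .com/.exe companion behavior described above can be checked for directly. The following Python code is an added example, not part of the original encyclopedia or of any antivirus product; the signature names, byte patterns, and file paths are constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed signatures: harmless byte patterns standing in for real ones.
SIGNATURES = {
    "Demo.A": bytes.fromhex("deadbeef4142"),
    "Demo.B": b"\x90\x90DEMO-B\x00",
}

# Constructed sample "disk": path -> file content.
SAMPLE_FILES = {
    r"C:\APPS\EDIT.EXE": b"MZ" + b"\x00" * 30 + b"ordinary program bytes",
    r"C:\APPS\EDIT.COM": b"hdr" + SIGNATURES["Demo.A"] + b"tail",
    r"C:\DOCS\REPORT.DOC": b"header" + SIGNATURES["Demo.B"] + b"body" + SIGNATURES["Demo.B"],
    r"C:\DOS\FORMAT.COM": b"clean utility",
    r"C:\GAMES\play.exe": b"clean game",
    r"c:\games\PLAY.COM": b"clean launcher",
}


def scan_bytes(data, signatures=SIGNATURES):
    """Return (name, offset) for every occurrence of every signature in data."""
    hits = []
    for name, pattern in signatures.items():
        start = data.find(pattern)
        while start != -1:
            hits.append((name, start))
            start = data.find(pattern, start + 1)
    return sorted(hits, key=lambda hit: (hit[1], hit[0]))


def scan_files(files, signatures=SIGNATURES):
    """Scan a mapping of path -> bytes; return {path: hits} for files that match."""
    report = {}
    for path, data in files.items():
        hits = scan_bytes(data, signatures)
        if hits:
            report[path] = hits
    return report


def find_companion_pairs(paths):
    """Flag NAME.COM sitting next to NAME.EXE in the same directory.

    Names are compared case-insensitively, as DOS and Windows do. A pair is
    only a lead for review: the .com would be run first if the user types NAME.
    """
    by_stem = defaultdict(dict)
    for path in paths:
        win_path = PureWindowsPath(path)
        ext = win_path.suffix.lower()
        if ext in (".com", ".exe"):
            key = (str(win_path.parent).lower(), win_path.stem.lower())
            by_stem[key][ext] = path
    return sorted(
        (found[".com"], found[".exe"])
        for found in by_stem.values()
        if ".com" in found and ".exe" in found
    )


if __name__ == "__main__":
    for path, hits in scan_files(SAMPLE_FILES).items():
        print(path, hits)
    print("companion pairs:", find_companion_pairs(SAMPLE_FILES))

    # Signature scanning is reactive: a pattern with no signature yet is
    # missed until the signature set is updated.
    unknown = b"xxNEW-VARIANTxx"
    print("before update:", scan_bytes(unknown))
    updated = {**SIGNATURES, "Demo.C": b"NEW-VARIANT"}
    print("after update:", scan_bytes(unknown, updated))
```

A companion pair is not proof of infection, since some legitimate software ships both files; the check narrows down what to inspect.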


There  are  so  many  viruses  floating  around,  looking  for  a  home,  that  anybody  who 
needs one will have no trouble picking up one that suits the need. (Robertson Davies, The
Cunning  Man,  Viking  Penguin,  New  York,  1994,  p.  280.) 

Virus databases:
http://vil.mcafee.com/
http://www.drsolomon.com/
http://www.symantec.com/avcenter/
http://www.sophos.com/virusinfo/
http://www.symantic.com/avcenter/index.html

Virus Bulletin: http://www.virusbtn.com/

Downloads: https://infosec.navy.mil/TEXT/download.html


Virus organizations:

European Institute for Computer Anti-Virus Research (EICAR): http://www.eicar.com/

International Computer Security Association (ICSA): http://www.trusecure.com/
and http://www.infowar.com/p and s/p n s 122397a.htm.l:ssi

Virus data and hoaxes:

Computer security patches: http://office.microsoft.com/downloads/9798/Out98sec.aspx

Virus Myths: http://www.vmyths.com/

Virus Web site: http://www.sarc.com/avcenter/

Anti Virus Research: http://www.research.ibm.com/antivirus/SciPapers.htm.

Vision  and  Mental  Model— see  Learning  Organization 

In a business sense, vision is a mental and emotional "picture" (can actually involve
more  senses  than  sight)  of  the  future  towards  which  one  or  one's  organization  is  desired 
to  proceed.  Generally,  an  organization's  vision  is  promulgated  by  upper  management, 
but  in  truth,  it  only  becomes  a  true  organizational  vision  if  and  when  it  actually  pervades 
the  organization  and  becomes  part  of  corporate  culture.  Vision  statements  can  merely  be 
explicit  representations  of  a  vision,  a  means  of  communicating  the  new  direction  or 
paradigm  of  a  new  CEO,  or  hypocritical  "politically  correct"  hogwash  that  undermines 
management credibility. Management needs to "walk the talk" in order to make the
vision real, but leaders must also "talk the walk" and make their implicit or tacit vision
substantial by communicating it explicitly. Such a balanced approach is mutually
supportive.

A vision is based upon mental model(s) or internal pictures of the world, its "as-is"
and its "to-be." Communicating these mental models includes "the ability to carry on
learningful conversations that balance inquiry and advocacy, where people expose their
own thinking effectively and make that thinking open to the influence of others."
Communicating a vision involves enrollment versus compliance, in order to foster
genuine commitment. Mental models depend upon inherent assumptions. Peter Drucker
refers to a company's assumptions and mental model as its "theory of business" (Harvard
Business Review, 94506, 1994, September-October) and asserts that "The same assumptions
that had helped IBM prevail in 1950 proved to be its undoing 30 years later," and that
"The assumptions on which the organization has been built and is being run no longer fit
reality." Yet, "Every big, successful company throughout history, when confronted with
such a surprise, has refused to accept it," despite Kotter's assertion (Leading Change,
Jossey-Bass, 1995) that "people who are making an effort to embrace the future are a
happier lot than those who are clinging to the past" (IRMC Leadership for the 21st
Century Course).


Our  experience  shapes  our  perception.  (Adam  Smith,  "The  Meditation  Game,"  The 
Atlantic  Monthly,  1975,  Vol.  236,  No.  4,  October,  p.  40.) 

Entities,  properties,  and  preferences  are  all  aspects  of  the  human  construction  of  the 
world  ...  It  is  essential,  however,  that  we  distinguish  in  that  construction  between 
phenomena  that  are  objectively  constructed  and  hence  coexistent  with  particular  entities, 
and  those  which  are  individual  opinions  and  merely  coincident.  (Elliott  Jaques,  Creativity 
and  Work,  International  Universities  Press  Inc.,  Madison,  CT,  1990,  pp.  288-289.) 

Voice  Application  Networks  (VANs)— see  Automatic  Speech  Recognition,  Networked 
Improvement  Community,  Natural  Language  Processing 

A  new  generation  of  telephone  technology  using  voice-activated  applications  to 
provide  access  to  Web-like  spoken  information  via  existing  telephone  lines  and 
equipment.  They  represent  an  important  new  tool  for  government  to  use  to  reach  many  of 
the  groups  currently  experiencing  limited  computer  access.  VANs  allow  the  same 
dynamic  information  interactions  developed  for  the  Internet  to  be  provided  by  telephone. 
In response to a caller's spoken selection, up-to-date information is presented in a
natural-sounding voice. The new applications are based on voice extensible markup language
(XML),  and  deliver  the  required  information  through  a  combination  of  programmable 
interactive  voice  response  and  speech  recognition.  The  same  information  provided  on  a 
Web  site  could  be  navigated  by  voice  using  the  telephone,  provided  that  the  file  structure 
is  XML.  Advancements  in  this  technology  mean  that  the  voices  that  callers  hear  over  the 
telephone  are  quite  natural  sounding  and  user  friendly.  In  addition,  advances  in  voice 
acoustics  analysis  have  allowed  providers  to  build  highly  sensitive  recognition  models 
that  are  able  to  account  for  such  things  as  regional  accents  and  dialects. 

An example is Utah's new Traveler Advisory Telephone and Internet system,
developed in preparation for the 2002 Olympics. The service will integrate information on
weather-related road conditions, accidents, congestion, and construction activities into
one  system.  The  same  information  is  available  by  Web  site  and  an  interactive  voice 
recognition  telephone  system.  The  dynamic  information  structure  capability  of  XML 
makes  it  possible  for  current  information  to  be  continuously  distributed  in  real-time  to 
both  services.  Those  unfamiliar  with  the  Internet  or  simply  traveling  by  car  can  call  the 
511  abbreviated  dialing  code.  Using  a  natural-sounding  voice,  the  Traveler  Advisory 
service  prompts  the  caller  with  questions.  Callers  respond  by  natural  speech  to  the 
prompts  and  are  provided  the  information  requested.  This  approach  mitigates  the  effects 
of  digital  disparities  by  providing  the  same  information  through  the  old  familiar  channel 
of  the  telephone  and  the  newer,  less  widely  available  Internet. 

VANs  are  maturing  in  power  and  popular  appeal  just  in  time  to  be  effectively  used  by 
localities that are expanding the National N11 abbreviated dialing services. Today, 411
business directory services and 911 emergency services are most widely used by the
general public. Soon more N11 numbers will become equally known and available. This
nationwide  dialing  system  allows  telephone  users  to  connect  with  standard  service 
gateways  throughout  the  country  by  dialing  only  three  digits.  The  City  of  Hampton,  VA, 
opened  its  311  call  center  in  September  of  1999  to  provide  city  residents  with  24-hour-a- 
day,  seven-day-a-week  access  to  city  services  and  information,  ranging  from  reporting 
missed  trash  collection  to  answering  questions  about  the  city  budget.  The  service  has  been 
very  well  received,  and  public  satisfaction  with  the  service  has  been  extremely  high,  with 
the call center receiving an average of 600 calls a day (May 2000) (Susan Turnbull, The
Federal Architecture and Infrastructure Committee of the Federal CIO Council's guide,
Extending Digital Dividends: Public Goods and Services that Work for All, on the Federal CIO
Council Knowledge Management Working Group CD distributed by the Department of
the Navy Chief Information Officer, 202-501-6214, or susan.turnbull@gsa.gov).

A  word  too  much  always  defeats  its  purpose.  (Arthur  Schopenhauer,  in  3,500  Good 
Quotes  for  Speakers,  Gerald  F.  Lieberman,  Ed.,  Doubleday,  Garden  City,  NY,  1983,  p.  225.) 

Voice,  Video,  and  Data  (VVD)— see  Data,  Video  Teleconferencing 

The three major categories of information communications. VVD can be transmitted
over phone lines or by other means (e.g., radio frequencies). Voice is aural or audio
communications. Video is pictorial, visual, or television communications. Data is computer
(ones and zeros) communications between machines.

You'd  be  surprised  by  how  much  you  can  observe  by  watching.  (Yogi  Berra,  Leo 
Rosten's  Carnival  of  Wit,  E.  P.  Dutton  &  Co.,  New  York,  1994,  p.  61.) 


Vortal, http://www.webopedia.com/TERM/v/vortal.html

A vertical industry portal is a portal Web site that provides information and resources
for a particular industry. Vortals are the Internet's way of catering to consumers'
focused-environment preferences. Vortals typically provide news, research and statistics,
discussions, newsletters, online tools, and many other services that educate users about a
specific industry. As the Web becomes a standard tool for business, vortals will join and
maybe replace general portal sites like AOL and Yahoo! as common gateways to the
Internet.

http://www.wherewithal.com/pb/ep.html?track=goto&term=vortal
http://www.netbx.com/?source=overture
http://www.vortalgroup.com/index_flash.html
http://vertical-search.fusionbot.com/.

[In  response  to  a  visitor  to  his  home  saying,  "Wow,  Yogi,  what  a  beautiful  mansion."] 

It's nothing but a bunch of rooms. (Yogi Berra, The Yogi Book, Workman Publications, New
York, 1998, p. 57.)

Vulnerability 

A  weakness  in  a  system  that  potentially  allows  it  to  be  successfully  attacked  or 
exploited.  In  IT,  security  vulnerabilities  allow  hackers  and  crackers  into  a  system  so  that 
the  system  could  be  modified,  utilized  for  unauthorized  purposes,  destroyed,  or 
otherwise  misused.  Vulnerability  is  intimately  associated  with  risk. 

It  is  people's  sense  of  helplessness  and  powerlessness  that  first  creates  apathy  and  self- 
centeredness and eventually leads to extremism. (Peter Block, Stewardship, Berrett-Koehler
Publications,  San  Francisco,  1993,  p.  240.) 

Comprehensive  list  of  vulnerabilities/exposures:  http://cve.mitre.org/ 

CIA  cites  United  States'  vulnerability  to  computer  attack: 
http://www.cia.gov/csi/studies/summer00/art08.html.

War Driving

A  hacker  procedure  of  (physically)  driving  around  neighborhoods  with  a  wireless- 
enabled  personal  computer,  looking  for  wireless  home  networks  to  invade. 

When have you ever seen someone who had no doubts who was also correct about
anything?  (Orson  Scott  Card,  Xenocide,  Tom  Doherty  Books,  New  York,  1991,  p.  509.) 

Wavelength 

The  speed  of  light  divided  by  the  frequency  of  a  signal  or,  equivalently,  the  speed  of 
light times the period of the signal. It determines the length of the antenna needed to
receive  the  signal. 

You  can't  push  a  wave  onto  the  shore  faster  than  the  ocean  brings  it  in.  (Susan 
Strasberg, quoted by Noah ben Shea in Great Jewish Quotes, Ballantine, New York, 1993.)

Wearable  Computer  (WC) 

WCs  are  small  computers  that  are  worn  on  a  person.  They  often  include  a  "heads  up 
display"  such  as  used  by  fighter  pilots.  They  can  also  be  combined  with  virtual  reality 
products.  Companies  (such  as  Xybernaut)  have  WC  products  available.  WCs  maintain 
one's  ability  to  have  extensive  knowledge,  information,  and  data  at  one's  fingertips 
throughout  the  day.  It  is  a  relatively  short  step  from  Dick  Tracy's  two-way  wrist 
radio/TV,  to  today's  personal  digital  assistants,  to  tomorrow's  WCs.  (Star  Trek  Deep 
Space  Nine's  Vortas  (e.g.,  Weyoun)  apparently  controlled  starships  using  WCs  with 
heads-up  displays.)  Natural  language  processing  (NLP)  facilitates  the  use  of  WCs,  since 
one  of  the  main  limitations  to  reducing  the  size  of  computers  lies  in  the  input/output 
limitations  of  the  human  body.  Keys,  for  instance,  must  be  large  enough  and  separated 
enough  for  use  by  human  fingers.  Similarly,  displays  must  be  refreshed  sufficiently  to 
prevent  eyestrain  and  large  enough  for  easy  reading.  Microphones  and  earpieces, 
however,  can  be  made  much  smaller.  Speaking  is  also  considerably  faster  than  typing. 

New  and  stirring  things  are  belittled,  because  if  they  are  not  belittled,  the  humiliating 
question  arises,  "Why  then  are  you  not  taking  part  in  them?"  (H.  G.  Wells,  The  World  of 
William  Clissold,  quoted  by  Jacob  Braude  in  New  Treasury  of  Stories  for  Every  Speaking  and 
Writing  Occasion,  Prentice  Hall  Inc.,  Englewood  Cliffs,  NJ,  June  1961,  p.  313.) 

Web  Beacons 

Also known as clear GIFs or single-pixel GIFs, Web beacons are small image files placed
on Web pages and within Web-based e-mail newsletters. Working in conjunction with cookies,
Web beacons allow accurate counting of the number of unique users who have visited a
specific page and the number of times those pages are displayed. Web beacons can also be
used to determine how many people opened a Web-based e-mail newsletter. This
information is only collected in aggregate form and should not be linked to personally
identifiable information. Without cookies and Web beacons, it would be difficult to know
which services have a larger audience than others. Tracking audience size helps Web
owners better understand when to launch new services and enhance current offerings.
Any image file on a Web page can act as a Web beacon. Third-party advertising networks
may use Web beacons in their advertisements. Because Web beacons work in conjunction
with cookies, you can prevent our Web beacon from collecting anonymous information
by setting your Web browser to refuse all cookies or a particular one. Web beacons are
built into Web pages, so non-functional Web beacons will continue to appear even if you
refuse a network cookie.
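A way to audit a page or HTML newsletter for likely Web beacons, as an added example (not part of the original encyclopedia): it flags images that are 1x1, hidden by style, or fetched from a third-party host with a query string. The host names, the sample HTML and the heuristics themselves are constructed assumptions.

```python
"""Flag likely Web beacons (tracking pixels) in HTML. Added example."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

_HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


def _tiny(value):
    """True when a width/height attribute is 0 or 1 (optionally 'px')."""
    if value is None:
        return False
    match = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value, re.I)
    return bool(match) and int(match.group(1)) <= 1


class BeaconFinder(HTMLParser):
    """Collects <img> tags that look like beacons, with the reasons why."""

    def __init__(self, first_party_host):
        super().__init__()
        self.first_party = first_party_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":          # HTMLParser lowercases tag names
            return
        attr = dict(attrs)        # attribute names are lowercased too
        src = attr.get("src") or ""
        parts = urlsplit(src)
        host = (parts.hostname or "").lower()
        # Relative URLs have no host and are treated as first-party.
        third_party = bool(host) and not (
            host == self.first_party
            or host.endswith("." + self.first_party)
        )
        reasons = []
        if _tiny(attr.get("width")) and _tiny(attr.get("height")):
            reasons.append("1x1 dimensions")
        if _HIDDEN.search(attr.get("style") or ""):
            reasons.append("hidden by style")
        if third_party and parts.query:
            # A query string is where a per-recipient identifier would ride.
            reasons.append("third-party host with query string")
        if reasons:
            self.findings.append({
                "src": src,
                "host": host,
                "third_party": third_party,
                "reasons": reasons,
            })


def find_beacons(html_text, first_party_host):
    """Return a list of findings for every suspicious <img> in html_text."""
    finder = BeaconFinder(first_party_host)
    finder.feed(html_text)
    finder.close()
    return finder.findings


# Constructed sample newsletter; all hosts are reserved example domains.
SAMPLE_HTML = """
<html><body>
<img src="/img/logo.png" width="120" height="40" alt="logo">
<img src="https://tracker.example.net/o.gif?m=12345" width="1" height="1" alt="">
<img src="https://cdn.news.example.com/banner.jpg" width="600" height="80">
<img src="https://ads.example.org/px?c=789" style="display:none">
<IMG SRC="https://img.example.org/photo.jpg" WIDTH="300" HEIGHT="200">
</body></html>
"""

if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_HTML, "news.example.com"):
        print(finding["host"], "->", "; ".join(finding["reasons"]))
```

Because any image can act as a beacon, a clean result from these heuristics does not prove a page is beacon-free; blocking remote image loading in the mail client remains the stronger control.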


28. (Ranger's Law) There ain't no such thing as a free launch. (David Akin, professor,
University of Maryland, "Akin's Laws of Spacecraft Design" [received via Internet e-mail]
and confirmed by Dr. Akin, dakin@umd.edu or DAKIN@SSL.UMD.EDU. See
http://spacecraft.ssl.umd.edu/academics/akins_laws.html.)

Webification Methods— see Hypertext Markup Language (HTML), Webify

1) Static HTML is used to publish reports over the Web by converting existing
documents to HTML format. It can be used to connect clients to a data warehouse, for
instance. Documents are not limited to word processing (e.g., Excel spreadsheets can be so
published). Documents can be posted to a Web site. This process is simple and easy, but
lacks interaction (user input) and has the usual download problems (latency, viewing and
printing times and resources required).

2) Common gateway interface (CGI) is an application (http://www.cgi-resources.com/)
that manages a database/Web server interface. It allows collection and publication around
the world. It is useful in distance learning, electronic commerce, information distribution,
etc. It enables users to fill out forms over the Web. Forms run programs (or scripts) through
the CGI. Programs are language independent, though the practical extraction and report
language (PERL) is the most popular language. Visual Basic is popular on Microsoft
operating systems. Tool command language (TCL), Unix shells, and C (very fast) are also
used. CGI offers easy maintenance, real-time statistics, and interactivity. It can perform
powerful searches, collect information from people, and can personalize an organization's
services (useful for customer and supplier relations management); however, it has
performance and scaling limitations.

3) Client-side scripting embeds software routines into the HTML pages that are
executed by the Web browser at the client's location. They can be used to make database
requests. Languages include JavaScript (Netscape) and VBScript (Microsoft). The latter is
limited to Internet Explorer, has more functionality than the former, and targets intranets.
See http://www.cognos.com/products/powerhouse/phwebwp2.html and (resource for
JavaScript code) http://www.newarchitectmag.com/webcoder/ and
http://www.newarchitectmag.com/.

4) Server-side scripting executes on the Web server versus the client. It adds
functionality to generate HTML pages, read/write files, and directly access databases.
Netscape has a server-side version of JavaScript; Microsoft uses active server pages (ASP)
to dynamically generate HTML created by applications. Scripts are embedded in HTML
documents, typically in VBScript. ASP works best with Microsoft SQL Server databases.
Server-side scripts are centrally maintained and executed and have better performance
than CGI, but have scalability, reliability, portability, security, and standardization concerns.

5) Advanced mobile code technologies include Java, ActiveX, Dynamic HTML (see
HTML), and XML. See individual item listings herein. Webification, while greatly
increasing  the  availability  and  accessibility  of  knowledge,  information,  and  data,  raises 
major  security  issues.  See  Kris  Jamsa's  heavy  duty  Internet  Programming  and  Danny 
Goodman's  accessible  and  practical  JavaScript  Handbook  (IRMC  Data  Management 
Strategies  and  Technologies  Course). 


Only  Robinson  Crusoe  could  have  everything  done  by  Friday. 

12. There is never a single right solution. There are always multiple wrong ones though.
(David Akin, professor, University of Maryland, "Akin's Laws of Spacecraft Design"
[received via Internet e-mail] and confirmed by Dr. Akin, dakin@umd.edu or
DAKIN@SSL.UMD.EDU. See http://spacecraft.ssl.umd.edu/academics/akins_laws.html.)

Webify — see  Webification 

To  adapt  or  implement  an  application  so  that  it  can  be  accessed  and  utilized  over  the 
Internet.  An  application  can  be  Web-enabled  so  that  it  is  directly  accessible  or  usable  over 
the  Web.  This  approach  results  in  faster  access  times  (lower  latency).  Alternatively,  an 
application  can  be  hosted  behind  a  Web  portal  using  specific  software  for  this  purpose 
(e.g.,  Citrix).  This  approach  requires  no  change  to  the  application  software  itself  but  does 
require  some  expense  and  does  result  in  slightly  increased  latency.  The  Navy  Standard 
Integrated  Personnel  System  (NSIPS)  was  used  to  test  this  approach  by  the  Space  and 
Naval Warfare Systems Command System Center Charleston's detachment at the
Washington  Navy  Yard.  In  a  short  time,  they  were  able  to  webify  NSIPS  for  Web  access 
for  a  limited  number  of  simultaneous  users.  Additional  users  would  have  required 
additional  hardware  that  was  not  available  for  the  demonstration  project.  Task  Force  Web 
has  been  stood  up  to  address  and  implement  the  Navy's  desire  to  access  virtually  all  of  its 
applications  via  the  Web.  To  reduce  costs,  consolidation  of  extant  applications  is 
necessary.  This  very  much  parallels  performing  business  process  reengineering  prior  to 
introducing  IT  versus  manual  processing.  Webification  is  an  IT  capital  planning  and 
investment decision. On April 25, 2000, Vice President Albert Gore stated that, "One
important way to make government cheaper, faster, and better is by putting more critical
services on the Internet, and taking full advantage of the information revolution that is
taking place in private industry" (Leadership for the New Millennium: Delivering On Digital
Progress and Prosperity, 3rd annual report of the U.S. Government Working Group on
Electronic Commerce, January 16, 2001).


Art for art's sake makes no more sense than gin for gin's sake. (W. Somerset Maugham,
Leo Rosten's Carnival of Wit, E. P. Dutton & Co., New York, 1994, p. 49.)


Web  Page — see  Portal,  Web  Site 

A  computer  file,  encoded  in  hypertext  markup  language  (HTML),  that  contains  text, 
graphics files, sound files accessible through the World Wide Web (WWW). Every Web
page has a unique uniform resource locator (URL) address (Encarta Encyclopedia Online,
Microsoft, Inc., http://encarta.msn.com [USA]).


Web developer's virtual library: http://www.wdvl.com/.

If  people  don't  want  to  come  to  the  ballpark,  how  are  you  going  to  stop  them?  (Yogi 
Berra,  The  Yogi  Book,  Workman  Publications,  New  York,  1998,  p.  36.) 

Web  Site — see  Portal,  Web  Page 

A  file  of  information  located  on  a  server  connected  to  the  World  Wide  Web  (WWW). 
WWW  protocols  and  software  allow  the  global  computer  network  (the  Internet)  to 
display  multimedia  documents.  Web  sites  may  contain  text,  photographs,  illustrations, 
video,  music,  or  computer  programs.  Web  site  content  includes  hypertext  and  icons  that 
link to other, related sites (Encarta Encyclopedia Online, Microsoft, Inc.,
http://encarta.msn.com [USA]).

Web Developers Journal: http://www.webdevelopersjournal.com/.

The wise only possess ideas; the greater part of mankind are possessed by them.
(Samuel Taylor Coleridge, Leo Rosten's Carnival of Wit, E. P. Dutton & Co., New York, 1994,
p. 505.)

WebTV™ 

Now  owned  by  Microsoft,  WebTV  was  one  of  the  first  entries  in  the  much-publicized 
convergence  of  the  World  Wide  Web  with  television.  You  buy  a  set-top  box  similar  to  a 
cable-TV  box,  then  sign  up  with  the  WebTV  access  service  and  browse  Web  pages  using  a 
WebTV browser and a hand-held control. A keyboard is provided optionally. WebTV
uses your television set as an output device; the signals arrive, however, through a
modem and a telephone line at 33.6 kbps or 56 kbps (Glossary of IM/IT & KM Terms).

Television  has  proved  that  people  will  look  at  anything  rather  than  each  other.  (Ann 
Landers, quoted by Noah ben Shea in Great Jewish Quotes, Ballantine, New York, 1993.)

Television— chewing  gum  for  the  eyes.  (Frank  Lloyd  Wright,  Leo  Rosten's  Carnival  of 
Wit,  E.  P.  Dutton  &  Co.,  New  York,  1994,  p.  479.) 

Wellsprings  of  Knowledge 

According  to  Dorothy  Leonard-Barton  in  Wellsprings  of  Knowledge,  Building  and 
Sustaining  the  Sources  of  Innovation  (Harvard  Business  School  Press,  1995),  there  are  four 
main  techniques  used  for  this  purpose: 

A  man  should  learn  to  detect  and  watch  that  gleam  of  light  which  flashes  across  his 
mind  from  within  more  than  the  lustre  of  the  firmament  of  bards  and  sages.  Yet  he 
dismisses  without  notice  this  thought  because  it  is  his.  In  every  work  of  genius  we  recognize 
our  own  reflected  thoughts;  they  come  back  to  us  with  a  certain  alienated  majesty.  Great 
works  of  art  have  no  more  affecting  lesson  for  us  than  this.  They  teach  us  to  abide  by  our 
spontaneous  impression  with  a  good-humored  inflexibility  greater  than  most  when  the 
whole  cry  of  voices  is  on  the  other  side.  Else  tomorrow  a  stranger  will  say  with  masterly 
good sense precisely what we have thought and felt all the time, and we shall be forced to
take  with  shame  our  own  opinion  from  another.  (Ralph  Waldo  Emerson,  quoted  by  Ralph 
M.  Lewis  in  The  Immortalized  Words  of  the  Past,  Ancient  Mystical  Order  Rosae  Crucis,  San 
Jose,  CA,  1986,  p.  254.) 

1)  Integrated  problem  solving. 

Never tell people how to do things. Tell them what to do and they will surprise you
with  their  ingenuity.  (George  S.  Patton,  SAM  OA  News,  1996,  Vol.  2,  Issue  13,  January  19.) 

How  does  it  happen  there  are  12  on  a  jury?  In  the  beginning  the  idea  was  to  choose  one 
juror  from  each  sign  of  the  zodiac.  It  was  believed  that  in  this  way  a  better  general  opinion 
could  be  obtained.  (Jacob  Braude,  New  Treasury  of  Stories  for  Every  Speaking  and  Writing 
Occasion,  Prentice  Hall  Inc.,  Englewood  Cliffs,  NJ,  June  1961,  p.  262.) 

2)  Implementing  new  methods,  processes,  and  tools. 

The  best  way  to  predict  the  future  is  to  invent  it.  (Alan  Kay,  Director  of  Research,  Apple 
Computers.) 

Moreover, as psychological research has demonstrated, the acquisition of knowledge
can occur through nonconscious processes, through "implicit learning." That is, we can
acquire knowledge and an understanding of how to navigate our environment
"independently of conscious attempts to do so." One intriguing implication is that not only
can we "know more than we can tell," but we often know more than we realize.
Furthermore, our efforts to rationalize and explain nonconscious behavior may be futile, if
not counterproductive . . . Some managers are beginning to question why all employees
cannot contribute to innovation. One manager in a toy manufacturing company complained
that in a recent meeting with 20 people, "19 thought they didn't need to be creative."
(Dorothy Leonard and Sylvia Sensiper, "The Role of Tacit Knowledge in Group
Innovation," California Management Review, Berkeley, CA, Spring 1998, Vol. 40, Issue 3, pp.
112-132.)

3)  Experimentation. 

Creativity.  If  I'm  right,  it  calls  for  a  different  kind  of  grammar.  A  completely  different 
way  of  looking  at  error.  One  that  welcomes  error.  Embraces  it . . .  But  how  can  chaos  engender 
inventiveness?  By  shattering  preconceptions.  By  allowing  illogical,  preposterous,  even 
obviously wrong statements to parse in reasonable-sounding expressions ... by putting
manifest contradictions on an equal footing with the most time-honored and widely held
assumptions, we are tantalized, confused. Our thoughts stumble out of step ... It's how
creativity works ... A mind that's afraid to toy with the ridiculous will never come up with
the brilliantly original— some absurd concept that future generations will assume to have
been "obvious" all along. (David Brin, Brightness Reef (Book I of the New Uplift Trilogy),
Bantam  Books,  New  York,  1995,  p.  548.) 

4)  Outside  sources. 


If  the  only  tool  you  have  is  a  hammer,  you  tend  to  see  every  problem  as  a  nail.  (Defense 
Systems  Management  College,  Manufacturing  Management  Department  Quote  of  the  Day 
No.  2.) 

Wide Area Network (WAN)

A  system  of  leased  (or  owned)  communications  links  that  are  usually  used  to 
interconnect  geographic  regions  to  provide  routing,  switching,  or  gateway  points  to 
metropolitan  or  local  area  networks,  or  other  WANs.  It  consists  of  at  least  one  server, 
client workstation, a network operating system, and a communications link (Glossary of
IM/IT & KM Terms).

It was hard to have a conversation with anyone; there were too many people talking.
(Yogi Berra, The Yogi Book, Workman Publications, New York, 1998, p. 42.)

Wireless 

A  method  of  connecting  to  the  Internet  or  a  local  area  network  (LAN)  via  radio  waves, 
instead  of  wire  or  cable.  Wireless  technology  enables  an  Internet  service  provider  (ISP)  to 
add  users  without  the  expense  of  adding  cable  to  its  own  telephone  company  connection, 
but "line of sight" is required, which means that the radio antenna installed at each node
must have an unobstructed path to the antenna maintained by the ISP. Each antenna can
serve 50-100 workstations at T-1 speed (from Glossary of IM/IT & KM Terms). Personal
digital assistants can now use wireless mode to communicate with computers, the
Internet, LANs, and each other. The Information Resources Management College (among
others) has created wireless LAN connectivity from its students' workstations. Such
systems, however, can experience interference from Bluetooth-enabled devices that
provide wireless connectivity to many hand-held devices. Wireless (at about 1.1 Mbs) is
much slower than wire systems (at up to 1 Gbs), which can be 1,000 times faster. The term
wireless refers not only to LAN data transmission (e.g., IEEE 802.11, Bluetooth, HomeRF)
but also to wireless phone systems (e.g., global system for mobile communications
[GSM], analog mobile telephone service [AMPS]) and wireless cable television (e.g.,
multipoint multichannel distribution service, local multipoint distribution service) (IRMC
Managing Networked Security in a Networked Environment Course).

All  our  final  decisions  are  made  in  a  state  of  mind  that  is  not  going  to  last.  (Marcel 
Proust, quoted by Noah ben Shea in Great Jewish Quotes, Ballantine, New York, 1993.)

Wireless  Application  Protocol  (WAP) — sometimes  incorrectly  called  Wireless  Access 
Point 

A  global,  open  specification  that  allows  users  to  access  information  instantly  via 
handheld  wireless  devices,  such  as  mobile  phones,  pagers,  two-way  radios,  smart  phones 
and  communicators.  WAPs  that  use  displays  and  access  the  Internet  run  micro-browsers 
with  small  file  sizes  that  can  accommodate  the  low-memory  constraints  of  handheld 
devices  and  the  low-bandwidth  constraints  of  a  wireless-handheld  network.  WAP 
supports most wireless networks and is supported by current operating systems (from
Glossary of IM/IT & KM Terms).

Life contains but two tragedies. One is to not get your heart's desire; the other is to get
it. (Socrates, in 3,500 Good Quotes for Speakers, Gerald F. Lieberman, Ed., Doubleday, Garden
City, NY, 1983, p. 70.)

Wireless Equivalent Privacy (WEP)

An  IEEE  802.11  protocol  algorithm  to  assure  security  equivalence  for  wireless  systems. 
However,  it  does  not  actually  ensure  equivalence  to  wire  systems.  Wireless  security  has 
been  demonstrated  to  exhibit  flaws,  making  it  vulnerable  to  attack.  See  WTLS.  WEP  uses 
symmetrical  encryption  without  key  management.  Encryption  is,  however,  selectable: 
none, 64-bit, or 128-bit. If chosen, encryption is the RSA (Rivest, Shamir, Adleman) Data
Security RC4 PRNG (pseudo random number generator) algorithm. However, WEP uses
40-  or  104-bit  keys,  which  are  concatenated  with  a  24-bit  "initialization  vector,"  resulting 
in  a  64-  or  128-bit  key.  This  key  is  input  into  a  PRNG  to  encrypt  the  data.  Cisco  has  a 
similar  system  with  64-  or  88-bit  keys.  Hackers,  however,  have  recently  succeeded  in 
analyzing  the  vectors  to  enable  them  to  defeat  the  system.  Therefore,  WEP  systems  are 
not  considered  secure  at  present  (IRMC  Managing  Networked  Security  in  a  Networked 
Environment  Course). 
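The key construction described in this entry, as an added example (not from the encyclopedia or from any vendor's code): the 24-bit initialization vector is joined to the 40- or 104-bit secret, RC4 generates the keystream, and an audit over captured (IV, ciphertext) pairs shows why a repeated IV undoes the encryption regardless of key length. The key, payloads and capture are constructed; placing the IV first follows IEEE 802.11, and the 802.11 integrity check value is omitted because the entry does not cover it.

```python
"""WEP per-frame seed construction and an IV-reuse audit (added example)."""
import math
from collections import defaultdict


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """RC4: key scheduling (KSA), then `length` bytes of output (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_seed(iv: bytes, secret: bytes) -> bytes:
    """24-bit IV followed by the 40- or 104-bit secret: 64 or 128 bits."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits (3 bytes)")
    if len(secret) not in (5, 13):
        raise ValueError("WEP secret is 40 or 104 bits (5 or 13 bytes)")
    return iv + secret


def wep_encrypt(iv: bytes, secret: bytes, payload: bytes) -> bytes:
    """Payload XOR RC4 keystream; the IV itself travels in the clear."""
    return xor(payload, rc4_keystream(wep_seed(iv, secret), len(payload)))


def find_iv_reuse(frames):
    """Group captured (iv, ciphertext) pairs; return IVs seen more than once."""
    by_iv = defaultdict(list)
    for iv, ciphertext in frames:
        by_iv[iv].append(ciphertext)
    return {iv: cts for iv, cts in by_iv.items() if len(cts) > 1}


def iv_collision_probability(n_frames: int, iv_bits: int = 24) -> float:
    """Birthday approximation, assuming IVs are chosen uniformly at random."""
    return 1.0 - math.exp(-n_frames * (n_frames - 1) / (2.0 * 2 ** iv_bits))


# Constructed test data: a 40-bit secret and three equal-length payloads.
SECRET_40 = bytes.fromhex("a1b2c3d4e5")
P1 = b"frame one: hello network"
P2 = b"frame two: other payload"
P3 = b"frame three: more bytes."
CAPTURE = [
    (b"\x00\x00\x01", wep_encrypt(b"\x00\x00\x01", SECRET_40, P1)),
    (b"\x00\x00\x02", wep_encrypt(b"\x00\x00\x02", SECRET_40, P3)),
    (b"\x00\x00\x01", wep_encrypt(b"\x00\x00\x01", SECRET_40, P2)),  # IV reused
]

if __name__ == "__main__":
    for iv, cts in find_iv_reuse(CAPTURE).items():
        # Same IV + same secret = same keystream, so it cancels out:
        # ciphertext1 XOR ciphertext2 equals plaintext1 XOR plaintext2.
        print(iv.hex(), "keystream cancels:", xor(cts[0], cts[1]) == xor(P1, P2))
    print("P(IV collision) after 4823 frames:",
          round(iv_collision_probability(4823), 3))
```

With only 2^24 possible IVs, a collision becomes more likely than not after roughly 4,800 frames, which is why lengthening the secret from 40 to 104 bits does not repair the design.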

You  never  have  time  to  do  it  right,  but  you  always  have  time  to  do  it  again  (or  over). 

Wireless  Markup  Language  (WML) 

A  simplified  version  of  hypertext  markup  language  used  in  wireless  devices 
supported  by  the  wireless  application  protocol.  However,  the  Japanese  firm  NTT 
DoCoMo  uses  a  compact  version  of  WML  called  CWML  (from  Glossary  of  IM/IT  &  KM 
Terms). 


The language I have learn'd these forty years.
My native English, now I must forgo;
And now my tongue's use is to me no more
Than an unstringed viol or a harp.

(William  Shakespeare,  1564-1616,  Pericles,  Prince  of  Tyre,  from  The  Oxford  Dictionary  of 
Quotations,  Oxford  University  Press,  New  York,  1980,  p.  478,  No.  10.) 


Wireless  Transport  Layer  Security  (WTLS) 

The  method  used  to  implement  security  into  wireless  systems  using  WAP.  It  is  based 
on  secure  sockets  layer  3.0,  but  it  is  not  an  end-to-end  solution.  It  requires  the  WAP 
gateway  to  be  trusted,  since  the  encrypted  information  must  be  decrypted  at  the  gateway 
and  encrypted  again  for  transmission  over  the  network. 

History has no laws, and all we find there are useful illusions. (Orson Scott Card,
Children of the Mind, Tom Doherty Associates, NY, 1996, p. 89.)

Wiretap  Statute,  18  U.S.C.  §  2510  et  seq.;  47  U.S.C.  §  605 

Prohibits use of eavesdropping technology and interception of radio communications,
data transmission, and telephone calls without consent. Significant exceptions: one-party
consent rule; business extension exemption (IRMC Assuring the Information
Infrastructure Course).


As  long  as  words  are  in  your  mouth  you  are  their  lord;  once  you  utter  them,  you  are 
their  slave.  (Ibn  Gabirol,  Leo  Rosten's  Carnival  of  Wit,  E.  P.  Dutton  &  Co.,  New  York,  1994,  p. 
39.) 

Wisdom

The  quality  of  being  wise;  knowledge,  and  the  capacity  to  make  due  use  of  it; 
knowledge  of  the  best  ends  and  the  best  means;  discernment  and  judgment;  discretion; 
sagacity; skill; dexterity (Glossary of IM/IT & KM Terms). Wisdom is considered a higher
order  function  on  the  human  development  and  ability  spectrum.  It  is  still  unclear  how  it 
would  fit  into  the  spectrum  from  data  to  information  to  knowledge  except  that  it  is 
beyond  knowledge.  Some  people  place  understanding  after  knowledge  and  then  wisdom 
after  understanding.  The  challenge  is  that  the  spectrum  begins  at  a  more  explicit  and 
physical  level  (ones  and  zeros)  to  a  more  implicit  and  mental  level,  even  delving  perhaps 
into  the  metaphysical  or  spiritual  (at  the  wisdom  level).  Thus  the  spectrum  is  qualitative 
as  well  as  quantitative,  greatly  complicating  its  understanding  and  exposition.  It  appears 
that  the  function  is  at  least  two-dimensional  versus  a  uni-dimensional  straight  line  (linear) 
function.  Such  a  view  would  accord  well  with  the  systems  thinking  approach  touted  by 
KM  experts. 


Wisdom is a subtle, spiritual, instant power to understand the soul of things, and also to
apply this understanding ever to immediate opportunity. (Ruth Phelps, Some Mystical
Adventures, Rosicrucian Analytical Discussions, RAD8-34-2, paragraph 2.)

It is easier to put an ox into an eggcup than for a man full of conceit to receive wisdom.
(Ernest Bramah, Kai Lung Unrolls his Mat, Ballantine Books, New York, 1974, p. 139.)

In the end, it is impossible to have a great life unless it is a meaningful life. And it is
very difficult to have a meaningful life without meaningful work. (Jim Collins, Good to Great,
Harper Business, New York, 2001, p. 210.)

Workflow 

The defined series of tasks within an organization to produce a final outcome.
Sophisticated workgroup computing applications allow you to define different
workflows for different types of jobs. So, for example, in a publishing setting, a document
might be automatically routed from writer to editor to proofreader to production. At each
stage in the workflow, one individual or group is responsible for a specific task. Once the
task is complete, the workflow software ensures that the individuals responsible for the
next task are notified and receive the data they need to execute their stage of the process
(http://www.webopedia.com/).

There  was  a  young  lady  of  Wight 

Who  traveled  much  faster  than  light. 

She  departed  one  day, 

In  a  relative  way, 

And  arrived  on  the  previous  night. 

(Stephen Hawking, The Illustrated A Brief History of Time, Bantam Books, New York,
1996, p. 199.)

World Wide Web (WWW, the Web); World Wide Web Consortium http://www.w3.org

An Internet facility that links documents locally and remotely. The Web document, or
Web page, contains text, graphics, animations, and videos, as well as hypertext links. The
links in the page let users jump from page to page (hypertext), whether the pages are
stored on the same server or on servers around the world. Web pages are accessed and
read via a Web browser, the two most popular being Internet Explorer and Netscape
Navigator (Glossary of IM/IT & KM Terms).

Life  is  a  great  big  canvas,  and  you  should  throw  all  the  paint  on  it  you  can.  (Danny 
Kaye,  Capital  M,  Metropolitan  Washington  Mensa,  1994,  Vol.  29,  No.  5,  May  1,  p.  1.) 

Worm 

1) An independent program that replicates from machine to machine across network
connections. It can clog the system as it spreads. Worms are similar to viruses but do not
need a carrier program. Worms infiltrate legitimate programs and alter or destroy the
data. Worms are more dangerous than viruses and spread more quickly. The "Christmas
Tree Worm" of December 9, 1987 paralyzed the IBM network. It was a combination of a
Trojan horse and a chain letter. It posted a display, made copies of itself, and mailed the
copies to everyone on the user's correspondence list.

2)  A  write  once,  read  many  times  type  of  computer  memory. 

What  we  call  progress  is  the  exchange  of  one  nuisance  for  another  nuisance.  (Havelock 
Ellis,  quoted  by  Lawrence  J.  Peter  in  The  Peter  Prescription,  William  Morrow  &  Co.  New 
York,  1972,  p.  11.) 




X 


X.509— see  PKI 

The main standard for digital certificates; it specifies their contents to include version,
serial number, algorithm used, issuer, period of validity, subject, public key information,
and signature. While many different organizations issue X.509 certificates, they are not
necessarily mutually compatible. X.509 includes extension fields and flags that are
interpreted differently by vendors — reducing their usefulness. Also, unlike pretty good
privacy certificates, X.509s can only be signed by one certifying authority per certificate.
X.509 complies with the International Telecommunications Union (ITU)-T-509
international standard. The PKIX (Public-Key Infrastructure (X.509)) working group (of
the Internet Engineering Task Force IETF, Information Exchange Task Force) was
established in Autumn 1995 to develop X.509 public key infrastructure (PKI) Internet
standards (http://www.ietf.org/html.charters/pkix-charter.html). The Department of
Defense PKI Program Management Office issued DoD X.509 Certificate Policy (version
5.2, November 13, 2000, http://iase.disa.mil/pki/certpl52.pdf).

This  man,  brilliant,  imperfect,  but  well-meaning  and  filled  with  a  love  that  was  strong 
enough  to  inflict  suffering  when  it  was  needed.  (Orson  Scott  Card,  Children  of  the  Mind,  Tom 
Doherty  Books,  New  York,  1996,  p.  259.) 

1G, 2G, 2.5G, 3G (Wireless Generations)

First-generation (1G) mobile cellular communications systems were analog.
Primarily used for voice, they were introduced in the late 1970s and early 1980s. Starting
in the 1990s, second-generation (2G) systems used digital encoding and have been used
mostly for voice. Between now and the third generation (3G), which is expected in the
2003-2005 timeframe, a variety of 2G+ or 2.5G techniques are being used to improve the
speed of data for enhanced e-mail and Internet access. 3G was designed for high-speed
multimedia data and voice. Its goals include high-quality audio and video and advanced
global roaming, which means being able to go anywhere and automatically be handed off
to whatever wireless system is available (e.g., in-house phone systems, cellular, satellite,
etc.) (Glossary of IM/IT & KM Terms). 4GL is fourth generation language.

Let one who is in the present age go backward to the ways of antiquity ... calamity is
sure to come. (Confucius, The Wisdom of Confucius, Peter Pauper Press, Mt. Vernon, NY,
1963, p. 30.)

8121(a)  and  (b)  and  8102 — see  Clinger-Cohen  Act  (CCA) 

Sections of the Defense Authorization Acts of 2000 and 2001 respectively; the latter
continues the former. They refer to the Clinger-Cohen Act. They require all mission-critical
or -essential IT systems to be registered with the Department of Defense Chief
Information Officer (CIO) (Assistant Secretary of Defense (Command, Control,
Communications and Intelligence)) and meet DoD data requirements. Funding for any
unregistered systems was to end on March 31, 2000. Major automated information
systems (MAIS) receive acquisition categories of IAM (monetarily large IT programs
requiring DoD approval per DoD 5000 requirements) and IAC (delegated to component
or Service/MILDEP approval) regardless of funding. (See CCA, DAE, and PM above for
further information on ACATs.) These levels are similar to normal DoD acquisition
category IIs (versus Is). Milestone I, II, and III approvals require CIO certification of
compliance with the CCA to be provided to Congress in a timely manner. Compliance
areas specified are: business process reengineering, analysis of alternatives (AoA),
performance measures (metrics), economic analysis, and information assurance (IA).
These requirements are to be added to DoDI 5000.2 (DoD's acquisition bible) (IRMC
Advanced Information System Acquisition Course),
http://www.safaq.hq.af.mil/acq_pol/dod5000/final/.

20. A bad design with a good presentation is doomed eventually. A good design with a
bad presentation is doomed immediately. (David Akin, professor, University of Maryland,
"Akin's Laws of Spacecraft Design" [received via Internet e-mail] and confirmed by Dr.
Akin, dakin@umd.edu or DAKIN@SSL.UMD.EDU. See
http://spacecraft.ssl.umd.edu/academics/akins_laws.html.)